Iowaparamed Posted February 16, 2015 ID:940205

So somehow my office PC got Binkiland on it and after reading TwoHeadedEagle's posts I downloaded MBAR. Problem was that every time I tried to run it the PC would restart. I restarted in safe mode and have been able to run MBAR. I'll post the results.
kevinf80 Posted February 16, 2015 ID:940208

Hello and welcome,

P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Post the two logs from FRST, and also post the two logs from MBAR.

Thanks,

Kevin.
Iowaparamed Posted February 16, 2015 Author ID:940234

OK, this is from my phone as I am still working on the PC. I was able to run Farbar. But so far, every time I attempt to run MBAR other than in safe mode, it causes a reboot of the system. Any thoughts about what to do?
kevinf80 Posted February 16, 2015 ID:940238

You did say that MBAR was run successfully in safe mode; all I ask is that you let me see those logs. I did not ask for it to be run again. Also post the logs from FRST.
Iowaparamed Posted February 16, 2015 Author ID:940243

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Jane (administrator) on JANE-A916F8D39A on 16-02-2015 15:53:11
Running from C:\Documents and Settings\Jane\My Documents\Downloads
Loaded Profiles: Jane (Available profiles: Jane & Curtis & Matt)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(ASUSTeK Computer Inc.) C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(America Online, Inc.) C:\WINDOWS\system32\PackethSvc.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
(Brand Affinity Technologies) C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
(IObit) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\DelayLoad.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18790432 2010-01-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Gpu Boost Driver] => C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe [1137280 2010-03-27] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2011-10-12] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-08-10] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-436374069-1614895754-682003330-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-436374069-1614895754-682003330-1003\...\MountPoints2: {fe4625b5-db91-11db-b9d7-806d6172696f} - D:\Setup.EXE
IFEO\FFVCFG.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\FFVCheckForUpdates.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\FreeFileViewer.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe
Startup: C:\Documents and Settings\Curtis\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8620.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8620.lnk -> C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-436374069-1614895754-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
HKU\S-1-5-21-436374069-1614895754-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
URLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm038^YY^us&si=google_directions&ptb=AD8DE84C-491D-4D3F-807E-60187F67C903&ind=2013032110&n=77fc6eae&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {BF144835-A0ED-4C47-8BFB-1BBB97113BD9} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {8ED9E20E-6BF6-41F7-89A5-6F9351D816CD} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file0202ie&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0SyBzztBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=2033812561&ir=
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={D501F91E-D740-4231-BD67-FF748F810857}&mid=d23dcf4916a0bbe372fbdbe9df1c76d7-a6a989b8055c0b6bde40d5e8e923ebb17c87ac5d&lang=us&ds=AVG&pr=fr&d=2011-12-0908:04:25&v=12.2.5.32&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {BF144835-A0ED-4C47-8BFB-1BBB97113BD9} URL =
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: No Name -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -> No File
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
BHO: No Name -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> No File
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: No Name -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {8A86D350-37AB-410A-8531-7D1363F317B3} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - No Name - {364ea597-e728-4ce4-bb4a-ed846ef47970} - No File
Toolbar: HKLM - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
Toolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} - No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default
FF DefaultSearchEngine: Binkiland
FF SearchEngineOrder.1: Mysearchdial
FF SelectedSearchEngine: Binkiland
FF Homepage: hxxp://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=AD8DE84C-491D-4D3F-807E-60187F67C903&n=77fc6c5b&ind=2013031515&p2=^UX^xdm038^YY^us&si=google_directions&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @MapsGalaxy_39.com/Plugin -> C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF user.js: detected! => C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\Binkiland.xml
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\yahoo_ff.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-02-26]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG8\Firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-06-22]
FF HKLM\...\Firefox\Extensions: [39ffxtbr@MapsGalaxy_39.com] - C:\Program Files\MapsGalaxy_39\bar\1.bin
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-19]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=", "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> binkiland.com
CHR DefaultSearchURL: Default -> http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-27]
CHR Extension: (Google Drive) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-27]
CHR Extension: (Google Search) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-27]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-27]
CHR Extension: (Fantapper) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf [2014-08-27]
CHR Extension: (Gmail) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-07]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Documents and Settings\Curtis\Local Settings\Application Data\Slick Savings\coupons.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ohgcjecomkebbohfjgmncelbhogbbokf] - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\fantapper_gi20111005.crx [2011-12-15]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-07] (AVAST Software)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]
R2 FTSvc; C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [11776 2011-12-15] (Brand Affinity Technologies) [File not signed]
S4 itsvc_1.10.0.8; C:\Program Files\IntelliTerm_1.10.0.8\Service\itsvc.exe [278608 2015-01-21] (Intelli Term)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [0 2014-05-20] () <==== ATTENTION (zero size file/folder)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 PackethSvc; C:\WINDOWS\system32\PackethSvc.exe [51200 2000-12-07] (America Online, Inc.) [File not signed]
S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2004-03-18] (HP) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2310272 2005-01-28] (Realtek Semiconductor Corp.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 AODDriver; C:\Program Files\ASUS\GPU Boost Driver\i386\AODDriver.sys [36864 2010-03-12] (Advanced Micro Devices) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [11296 2009-08-03] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-07] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-07] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-07] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-01-12] (REALiX)
R1 itnfd_1_10_0_8; C:\WINDOWS\System32\drivers\itnfd_1_10_0_8.sys [52728 2015-01-21] (Intelli Term)
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [106296 2015-02-16] (JMicron Technology Corp.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [108632 2015-02-16] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 MpKsl22395e4f; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CA72FEF-4A58-43D0-9009-FE9122FE0809}\MpKsl22395e4f.sys [29904 2015-02-16] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [79360 2004-06-02] (NVIDIA Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33280 2004-05-17] (NVIDIA Corporation)
S3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2004-05-17] (NVIDIA Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21760 2004-04-02] (NVIDIA Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R3 wandrv; C:\WINDOWS\System32\DRIVERS\wandrv.sys [22640 2000-12-03] (America Online, Inc.)
S2 11281; \??\C:\DOCUME~1\Curtis\LOCALS~1\Temp\11281.sys [X]
S4 IntelIde; No ImagePath
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:53 - 2015-02-16 15:53 - 00000000 ____D () C:\FRST
2015-02-16 15:52 - 2015-02-16 15:52 - 00007072 _____ () C:\WINDOWS\setupapi.log
2015-02-16 15:52 - 2015-02-16 15:52 - 00000000 ____D () C:\WINDOWS\LastGood
2015-02-16 14:39 - 2015-02-16 15:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-02-16 14:00 - 2015-02-16 14:02 - 16466552 _____ (Malwarebytes Corp.) C:\Documents and Settings\Matt\Desktop\mbar-1.08.3.1004.exe
2015-02-16 13:45 - 2015-02-16 15:43 - 00000000 ____D () C:\Documents and Settings\Matt\Desktop\mbar
2015-02-16 13:36 - 2015-02-16 13:36 - 00000000 ____D () C:\Documents and Settings\Jane\Desktop\mbar
2015-02-16 13:20 - 2015-02-16 13:20 - 35028992 _____ () C:\WINDOWS\system32\config\software.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 05054464 _____ () C:\WINDOWS\system32\config\default.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00000000 _____ () C:\asc_rdflag
2015-02-16 13:17 - 2015-02-16 14:39 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 09:21 - 2015-02-16 09:21 - 00000529 _____ () C:\Documents and Settings\Jane\Desktop\Shortcut to Alburnett Historical Society.lnk
2015-02-16 07:52 - 2015-02-16 15:46 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-16 07:51 - 2015-02-16 15:46 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-16 07:51 - 2015-02-16 07:51 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2015-02-16 07:50 - 2015-02-16 14:15 - 00032454 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-12 15:42 - 2015-02-16 09:53 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Alburnett Historical Society
2015-02-07 09:37 - 2015-02-07 09:40 - 00000000 ____D () C:\Documents and Settings\Jane\Application Data\FreeFileViewer
2015-02-06 08:37 - 2015-02-06 08:37 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\Binkiland
2015-02-06 08:34 - 2015-02-06 08:35 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\FreeFileViewer
2015-02-06 08:34 - 2015-02-06 08:34 - 00000754 _____ () C:\Documents and Settings\Jane\Desktop\FreeFileViewer.lnk
2015-02-06 08:34 - 2015-02-06 08:34 - 00000754 _____ () C:\Documents and Settings\All Users\Start Menu\FreeFileViewer.lnk
2015-02-06 08:34 - 2015-02-06 08:34 - 00000000 ____D () C:\Program Files\FreeFileViewer
2015-02-06 08:34 - 2015-02-06 08:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
2015-02-06 08:31 - 2015-02-06 08:32 - 00000000 ____D () C:\Program Files\IntelliTerm_1.10.0.8
2015-02-02 08:19 - 2015-02-02 08:22 - 00000000 ____D () C:\Documents and Settings\Jane\Application Data\Apple Computer
2015-02-02 08:19 - 2015-02-02 08:19 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\Apple Computer
2015-01-28 08:16 - 2015-01-28 08:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-21 13:50 - 2015-01-21 13:50 - 00052728 _____ (Intelli Term) C:\WINDOWS\system32\Drivers\itnfd_1_10_0_8.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:54 - 2007-03-26 14:44 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Temp
2015-02-16 15:52 - 2011-06-22 12:20 - 00106296 _____ (JMicron Technology Corp.) C:\WINDOWS\system32\Drivers\jraid.sys
2015-02-16 15:52 - 2007-03-28 17:02 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2015-02-16 15:52 - 2007-03-26 14:37 - 01220037 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 15:51 - 2014-02-21 09:11 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 15:51 - 2014-02-19 12:43 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-02-16 15:48 - 2014-02-19 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-02-16 15:46 - 2007-03-26 14:43 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-02-16 15:45 - 2015-01-12 10:44 - 00000270 _____ () C:\WINDOWS\Tasks\Driver Booster Update.job
2015-02-16 15:45 - 2015-01-12 10:44 - 00000268 _____ () C:\WINDOWS\Tasks\Driver Booster Scan.job
2015-02-16 15:45 - 2011-06-22 13:04 - 00000000 _____ () C:\Documents and Settings\All Users\Application Data\Gpu.log
2015-02-16 15:44 - 2014-04-18 09:52 - 00000396 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2015-02-16 15:44 - 2014-02-21 09:11 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 15:44 - 2014-02-19 12:43 - 00000270 _____ () C:\WINDOWS\Tasks\ASC7_PerformanceMonitor.job
2015-02-16 15:44 - 2013-01-25 08:24 - 00000342 _____ () C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2015-02-16 15:44 - 2011-07-06 06:57 - 00000268 _____ () C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
2015-02-16 15:44 - 2007-03-26 14:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 15:44 - 2004-08-04 06:00 - 00012652 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-16 15:43 - 2015-01-08 08:31 - 00108632 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-16 15:43 - 2007-04-02 15:18 - 00000000 ____D () C:\Documents and Settings\Matt\Local Settings\Temp
2015-02-16 15:38 - 2007-03-26 06:25 - 00522814 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 15:36 - 2012-09-03 13:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-16 15:35 - 2007-04-02 15:18 - 00000000 ____D () C:\Documents and Settings\Matt
2015-02-16 15:31 - 2007-04-02 15:18 - 00000278 ___SH () C:\Documents and Settings\Matt\ntuser.ini
2015-02-16 14:00 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At4.job
2015-02-16 13:20 - 2014-04-04 07:49 - 35028992 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 05054464 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2015-02-16 13:20 - 2007-03-26 14:44 - 00000000 ____D () C:\Documents and Settings\Jane
2015-02-16 13:20 - 2007-03-26 14:43 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-16 13:20 - 2007-03-26 14:43 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-16 13:19 - 2007-03-26 14:44 - 00000278 ___SH () C:\Documents and Settings\Jane\ntuser.ini
2015-02-16 13:19 - 2007-03-26 14:43 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2015-02-16 10:53 - 2014-02-08 10:52 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2015-02-16 10:53 - 2014-02-08 10:50 - 00000448 _____ () C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2015-02-16 10:52 - 2014-02-08 10:50 - 00000000 ____D () C:\Program Files\File Type Assistant
2015-02-16 10:50 - 2014-08-22 06:56 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Curtis Meds
2015-02-16 10:10 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At1.job
2015-02-16 09:05 - 2012-02-24 07:07 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\trustee mtg
2015-02-16 09:04 - 2010-01-02 12:15 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Otter Creek Township
2015-02-16 08:09 - 2014-02-19 12:42 - 00001846 _____ () C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 7.lnk
2015-02-16 08:05 - 2014-02-20 08:57 - 35028992 _____ () C:\WINDOWS\system32\config\software.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 05054464 _____ () C:\WINDOWS\system32\config\default.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 00057344 _____ ()
C:\WINDOWS\system32\config\SECURITY.iobit2015-02-16 08:05 - 2014-02-20 08:57 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iobit2015-02-13 15:43 - 2007-03-28 14:30 - 00000278 ___SH () C:\Documents and Settings\Curtis\ntuser.ini2015-02-13 15:43 - 2007-03-28 14:30 - 00000000 ____D () C:\Documents and Settings\Curtis2015-02-13 15:29 - 2007-03-28 14:30 - 00000000 ____D () C:\Documents and Settings\Curtis\Local Settings\Temp2015-02-13 15:27 - 2007-04-01 10:03 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk2015-02-13 15:26 - 2013-11-23 11:31 - 00641024 _____ () C:\Documents and Settings\Curtis\Desktop\VMI 13.xls2015-02-13 14:50 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At3.job2015-02-12 16:02 - 2014-08-09 15:19 - 00163328 _____ () C:\Documents and Settings\Jane\Desktop\Otter Creek 2014-15.xls2015-02-10 08:59 - 2007-04-02 18:26 - 00000037 _____ () C:\WINDOWS\PcMars.Ini2015-02-06 11:31 - 2007-04-02 18:45 - 00002471 _____ () C:\Documents and Settings\Curtis\Desktop\Microsoft Excel.lnk2015-02-06 08:57 - 2014-08-27 13:22 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk2015-02-06 08:46 - 2013-10-19 17:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit2015-02-06 08:37 - 2012-09-03 13:14 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe2015-02-06 08:37 - 2012-03-11 13:14 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl2015-02-06 08:34 - 2014-02-08 10:50 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\FileTypeAssistant2015-02-06 08:32 - 2015-01-08 08:03 - 00001602 _____ () C:\Documents and Settings\Jane\Desktop\Internet.lnk2015-02-06 08:32 - 2010-06-13 09:46 - 00000761 _____ () C:\Documents and Settings\Jane\Desktop\Internet Explorer.lnk2015-01-28 11:04 - 2014-02-21 09:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service2015-01-26 
16:01 - 2013-09-26 08:51 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Transamerica2015-01-26 07:34 - 2007-04-01 10:03 - 00002429 _____ () C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk==================== Files in the root of some directories =======2007-11-21 20:47 - 2007-11-21 21:33 - 0005632 _____ () C:\Documents and Settings\Jane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2010-07-26 19:06 - 2010-07-26 19:06 - 0000127 _____ () C:\Documents and Settings\Jane\Local Settings\Application Data\fusioncache.datFiles to move or delete:====================C:\Windows\Tasks\At1.jobC:\Windows\Tasks\At2.jobC:\Windows\Tasks\At3.jobC:\Windows\Tasks\At4.jobSome content of TEMP:====================C:\Documents and Settings\Jane\Local Settings\Temp\mpam-e7828fc6.exeC:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c2f95a55.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed==================== End Of Log ============================ Second log file Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015Ran by Jane (administrator) on JANE-A916F8D39A on 16-02-2015 15:53:11Running from C:\Documents and Settings\Jane\My Documents\DownloadsLoaded Profiles: Jane (Available profiles: Jane & Curtis & Matt)Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)Internet Explorer Version 8 (Default 
browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE(ASUSTeK Computer Inc.) C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe(America Online, Inc.) C:\WINDOWS\system32\PackethSvc.exe() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe(Brand Affinity Technologies) C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe(IObit) C:\Program Files\IObit\Driver Booster\DriverBooster.exe(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe(IObit) C:\Program Files\IObit\Advanced SystemCare 7\DelayLoad.exe(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe(Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18790432 2010-01-29] (Realtek Semiconductor Corp.)HKLM\...\Run: [Gpu Boost Driver] => C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe [1137280 2010-03-27] (ASUSTeK Computer Inc.)HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2011-10-12] (RealNetworks, Inc.)HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-08-10] (Apple Inc.)HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! 
====> ZeroAccess?HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0HKLM\...\Policies\Explorer: [NoResolveSearch] 1HKU\S-1-5-21-436374069-1614895754-682003330-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)HKU\S-1-5-21-436374069-1614895754-682003330-1003\...\MountPoints2: {fe4625b5-db91-11db-b9d7-806d6172696f} - D:\Setup.EXEIFEO\FFVCFG.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exeIFEO\FFVCheckForUpdates.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exeIFEO\FreeFileViewer.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exeStartup: C:\Documents and Settings\Curtis\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8620.lnkShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8620.lnk -> C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPStatusBL.dll (Hewlett-Packard Co.)SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No FileShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbclHKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =HKU\S-1-5-21-436374069-1614895754-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = 
http://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=HKU\S-1-5-21-436374069-1614895754-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchURLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No FileURLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No FileURLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No FileSearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =SearchScopes: HKLM -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}SearchScopes: HKLM -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = 
http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm038^YY^us&si=google_directions&ptb=AD8DE84C-491D-4D3F-807E-60187F67C903&ind=2013032110&n=77fc6eae&psa=&st=sb&searchfor={searchTerms}SearchScopes: HKLM -> {BF144835-A0ED-4C47-8BFB-1BBB97113BD9} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70aSearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL =SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {8ED9E20E-6BF6-41F7-89A5-6F9351D816CD} URL = 
http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file0202ie&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0SyBzztBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=2033812561&ir=SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={D501F91E-D740-4231-BD67-FF748F810857}&mid=d23dcf4916a0bbe372fbdbe9df1c76d7-a6a989b8055c0b6bde40d5e8e923ebb17c87ac5d〈=us&ds=AVG&pr=fr&d=2011-12-0908:04:25&v=12.2.5.32&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {BF144835-A0ED-4C47-8BFB-1BBB97113BD9} URL =SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}BHO: No Name -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -> No FileBHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No FileBHO: No Name -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> No FileBHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No FileBHO: No Name -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> No FileBHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No FileBHO: No Name -> {8A86D350-37AB-410A-8531-7D1363F317B3} -> No FileBHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO: No Name -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> No FileBHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No FileToolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileToolbar: HKLM - No Name - {364ea597-e728-4ce4-bb4a-ed846ef47970} - No FileToolbar: HKLM - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No FileToolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} - No FileToolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No FileToolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No FileToolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No FileToolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabHandler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"Tcpip\Parameters: [DhcpNameServer] 192.168.1.1StartMenuInternet: IEXPLORE.EXE - iexplore.exeFireFox:========FF ProfilePath: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.defaultFF DefaultSearchEngine: BinkilandFF SearchEngineOrder.1: MysearchdialFF SelectedSearchEngine: BinkilandFF Homepage: 
hxxp://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=AD8DE84C-491D-4D3F-807E-60187F67C903&n=77fc6c5b&ind=2013031515&p2=^UX^xdm038^YY^us&si=google_directions&searchfor=FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @MapsGalaxy_39.com/Plugin -> C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No FileFF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()FF user.js: detected! 
=> C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\user.jsFF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll (AOL LLC)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\Binkiland.xmlFF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\my-web-search.xmlFF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\Mysearchdial.xmlFF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\yahoo_ff.xmlFF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-02-26]FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG8\FirefoxFF HKLM\...\Firefox\Extensions: 
[{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-06-22]FF HKLM\...\Firefox\Extensions: [39ffxtbr@MapsGalaxy_39.com] - C:\Program Files\MapsGalaxy_39\bar\1.binFF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-19]StartMenuInternet: FIREFOX.EXE - firefox.exeChrome:=======CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=", "hxxp://www.google.com/"CHR DefaultSearchKeyword: Default -> binkiland.comCHR DefaultSearchURL: Default -> http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=CHR DefaultSuggestURL: Default -> 
{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}CHR Profile: C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-27]CHR Extension: (Google Drive) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-27]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]CHR Extension: (YouTube) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-27]CHR Extension: (Google Search) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-27]CHR Extension: (Avast Online Security) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-04]CHR Extension: (Google Wallet) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-27]CHR Extension: (Fantapper) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf [2014-08-27]CHR Extension: (Gmail) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-27]CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-07]CHR 
HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Documents and Settings\Curtis\Local Settings\Application Data\Slick Savings\coupons.crx [Not Found]CHR HKLM\...\Chrome\Extension: [ohgcjecomkebbohfjgmncelbhogbbokf] - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\fantapper_gi20111005.crx [2011-12-15]CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]========================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-07] (AVAST Software)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]
R2 FTSvc; C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [11776 2011-12-15] (Brand Affinity Technologies) [File not signed]
S4 itsvc_1.10.0.8; C:\Program Files\IntelliTerm_1.10.0.8\Service\itsvc.exe [278608 2015-01-21] (Intelli Term)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [0 2014-05-20] () <==== ATTENTION (zero size file/folder)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 PackethSvc; C:\WINDOWS\system32\PackethSvc.exe [51200 2000-12-07] (America Online, Inc.) [File not signed]
S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2004-03-18] (HP) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2310272 2005-01-28] (Realtek Semiconductor Corp.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 AODDriver; C:\Program Files\ASUS\GPU Boost Driver\i386\AODDriver.sys [36864 2010-03-12] (Advanced Micro Devices) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [11296 2009-08-03] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-07] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-07] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-07] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-01-12] (REALiX)
R1 itnfd_1_10_0_8; C:\WINDOWS\System32\drivers\itnfd_1_10_0_8.sys [52728 2015-01-21] (Intelli Term)
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [106296 2015-02-16] (JMicron Technology Corp.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [108632 2015-02-16] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 MpKsl22395e4f; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CA72FEF-4A58-43D0-9009-FE9122FE0809}\MpKsl22395e4f.sys [29904 2015-02-16] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [79360 2004-06-02] (NVIDIA Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33280 2004-05-17] (NVIDIA Corporation)
S3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2004-05-17] (NVIDIA Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21760 2004-04-02] (NVIDIA Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R3 wandrv; C:\WINDOWS\System32\DRIVERS\wandrv.sys [22640 2000-12-03] (America Online, Inc.)
S2 11281; \??\C:\DOCUME~1\Curtis\LOCALS~1\Temp\11281.sys [X]
S4 IntelIde; No ImagePath
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:53 - 2015-02-16 15:53 - 00000000 ____D () C:\FRST
2015-02-16 15:52 - 2015-02-16 15:52 - 00007072 _____ () C:\WINDOWS\setupapi.log
2015-02-16 15:52 - 2015-02-16 15:52 - 00000000 ____D () C:\WINDOWS\LastGood
2015-02-16 14:39 - 2015-02-16 15:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-02-16 14:00 - 2015-02-16 14:02 - 16466552 _____ (Malwarebytes Corp.) C:\Documents and Settings\Matt\Desktop\mbar-1.08.3.1004.exe
2015-02-16 13:45 - 2015-02-16 15:43 - 00000000 ____D () C:\Documents and Settings\Matt\Desktop\mbar
2015-02-16 13:36 - 2015-02-16 13:36 - 00000000 ____D () C:\Documents and Settings\Jane\Desktop\mbar
2015-02-16 13:20 - 2015-02-16 13:20 - 35028992 _____ () C:\WINDOWS\system32\config\software.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 05054464 _____ () C:\WINDOWS\system32\config\default.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00000000 _____ () C:\asc_rdflag
2015-02-16 13:17 - 2015-02-16 14:39 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 09:21 - 2015-02-16 09:21 - 00000529 _____ () C:\Documents and Settings\Jane\Desktop\Shortcut to Alburnett Historical Society.lnk
2015-02-16 07:52 - 2015-02-16 15:46 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-16 07:51 - 2015-02-16 15:46 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-16 07:51 - 2015-02-16 07:51 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2015-02-16 07:50 - 2015-02-16 14:15 - 00032454 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-12 15:42 - 2015-02-16 09:53 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Alburnett Historical Society
2015-02-07 09:37 - 2015-02-07 09:40 - 00000000 ____D () C:\Documents and Settings\Jane\Application Data\FreeFileViewer
2015-02-06 08:37 - 2015-02-06 08:37 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\Binkiland
2015-02-06 08:34 - 2015-02-06 08:35 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\FreeFileViewer
2015-02-06 08:34 - 2015-02-06 08:34 - 00000754 _____ () C:\Documents and Settings\Jane\Desktop\FreeFileViewer.lnk
2015-02-06 08:34 - 2015-02-06 08:34 - 00000754 _____ () C:\Documents and Settings\All Users\Start Menu\FreeFileViewer.lnk
2015-02-06 08:34 - 2015-02-06 08:34 - 00000000 ____D () C:\Program Files\FreeFileViewer
2015-02-06 08:34 - 2015-02-06 08:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
2015-02-06 08:31 - 2015-02-06 08:32 - 00000000 ____D () C:\Program Files\IntelliTerm_1.10.0.8
2015-02-02 08:19 - 2015-02-02 08:22 - 00000000 ____D () C:\Documents and Settings\Jane\Application Data\Apple Computer
2015-02-02 08:19 - 2015-02-02 08:19 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\Apple Computer
2015-01-28 08:16 - 2015-01-28 08:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-21 13:50 - 2015-01-21 13:50 - 00052728 _____ (Intelli Term) C:\WINDOWS\system32\Drivers\itnfd_1_10_0_8.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:54 - 2007-03-26 14:44 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Temp
2015-02-16 15:52 - 2011-06-22 12:20 - 00106296 _____ (JMicron Technology Corp.) C:\WINDOWS\system32\Drivers\jraid.sys
2015-02-16 15:52 - 2007-03-28 17:02 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2015-02-16 15:52 - 2007-03-26 14:37 - 01220037 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 15:51 - 2014-02-21 09:11 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 15:51 - 2014-02-19 12:43 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-02-16 15:48 - 2014-02-19 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-02-16 15:46 - 2007-03-26 14:43 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-02-16 15:45 - 2015-01-12 10:44 - 00000270 _____ () C:\WINDOWS\Tasks\Driver Booster Update.job
2015-02-16 15:45 - 2015-01-12 10:44 - 00000268 _____ () C:\WINDOWS\Tasks\Driver Booster Scan.job
2015-02-16 15:45 - 2011-06-22 13:04 - 00000000 _____ () C:\Documents and Settings\All Users\Application Data\Gpu.log
2015-02-16 15:44 - 2014-04-18 09:52 - 00000396 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2015-02-16 15:44 - 2014-02-21 09:11 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 15:44 - 2014-02-19 12:43 - 00000270 _____ () C:\WINDOWS\Tasks\ASC7_PerformanceMonitor.job
2015-02-16 15:44 - 2013-01-25 08:24 - 00000342 _____ () C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2015-02-16 15:44 - 2011-07-06 06:57 - 00000268 _____ () C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
2015-02-16 15:44 - 2007-03-26 14:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 15:44 - 2004-08-04 06:00 - 00012652 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-16 15:43 - 2015-01-08 08:31 - 00108632 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-16 15:43 - 2007-04-02 15:18 - 00000000 ____D () C:\Documents and Settings\Matt\Local Settings\Temp
2015-02-16 15:38 - 2007-03-26 06:25 - 00522814 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 15:36 - 2012-09-03 13:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-16 15:35 - 2007-04-02 15:18 - 00000000 ____D () C:\Documents and Settings\Matt
2015-02-16 15:31 - 2007-04-02 15:18 - 00000278 ___SH () C:\Documents and Settings\Matt\ntuser.ini
2015-02-16 14:00 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At4.job
2015-02-16 13:20 - 2014-04-04 07:49 - 35028992 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 05054464 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2015-02-16 13:20 - 2007-03-26 14:44 - 00000000 ____D () C:\Documents and Settings\Jane
2015-02-16 13:20 - 2007-03-26 14:43 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-16 13:20 - 2007-03-26 14:43 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-16 13:19 - 2007-03-26 14:44 - 00000278 ___SH () C:\Documents and Settings\Jane\ntuser.ini
2015-02-16 13:19 - 2007-03-26 14:43 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2015-02-16 10:53 - 2014-02-08 10:52 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2015-02-16 10:53 - 2014-02-08 10:50 - 00000448 _____ () C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2015-02-16 10:52 - 2014-02-08 10:50 - 00000000 ____D () C:\Program Files\File Type Assistant
2015-02-16 10:50 - 2014-08-22 06:56 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Curtis Meds
2015-02-16 10:10 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At1.job
2015-02-16 09:05 - 2012-02-24 07:07 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\trustee mtg
2015-02-16 09:04 - 2010-01-02 12:15 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Otter Creek Township
2015-02-16 08:09 - 2014-02-19 12:42 - 00001846 _____ () C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 7.lnk
2015-02-16 08:05 - 2014-02-20 08:57 - 35028992 _____ () C:\WINDOWS\system32\config\software.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 05054464 _____ () C:\WINDOWS\system32\config\default.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-02-13 15:43 - 2007-03-28 14:30 - 00000278 ___SH () C:\Documents and Settings\Curtis\ntuser.ini
2015-02-13 15:43 - 2007-03-28 14:30 - 00000000 ____D () C:\Documents and Settings\Curtis
2015-02-13 15:29 - 2007-03-28 14:30 - 00000000 ____D () C:\Documents and Settings\Curtis\Local Settings\Temp
2015-02-13 15:27 - 2007-04-01 10:03 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-02-13 15:26 - 2013-11-23 11:31 - 00641024 _____ () C:\Documents and Settings\Curtis\Desktop\VMI 13.xls
2015-02-13 14:50 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At3.job
2015-02-12 16:02 - 2014-08-09 15:19 - 00163328 _____ () C:\Documents and Settings\Jane\Desktop\Otter Creek 2014-15.xls
2015-02-10 08:59 - 2007-04-02 18:26 - 00000037 _____ () C:\WINDOWS\PcMars.Ini
2015-02-06 11:31 - 2007-04-02 18:45 - 00002471 _____ () C:\Documents and Settings\Curtis\Desktop\Microsoft Excel.lnk
2015-02-06 08:57 - 2014-08-27 13:22 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-06 08:46 - 2013-10-19 17:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2015-02-06 08:37 - 2012-09-03 13:14 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-06 08:37 - 2012-03-11 13:14 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-06 08:34 - 2014-02-08 10:50 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\FileTypeAssistant
2015-02-06 08:32 - 2015-01-08 08:03 - 00001602 _____ () C:\Documents and Settings\Jane\Desktop\Internet.lnk
2015-02-06 08:32 - 2010-06-13 09:46 - 00000761 _____ () C:\Documents and Settings\Jane\Desktop\Internet Explorer.lnk
2015-01-28 11:04 - 2014-02-21 09:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 16:01 - 2013-09-26 08:51 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Transamerica
2015-01-26 07:34 - 2007-04-01 10:03 - 00002429 _____ () C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk

==================== Files in the root of some directories =======

2007-11-21 20:47 - 2007-11-21 21:33 - 0005632 _____ () C:\Documents and Settings\Jane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-07-26 19:06 - 2010-07-26 19:06 - 0000127 _____ () C:\Documents and Settings\Jane\Local Settings\Application Data\fusioncache.dat

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job

Some content of TEMP:
====================
C:\Documents and Settings\Jane\Local Settings\Temp\mpam-e7828fc6.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c2f95a55.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

MBAR log

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Matt :: JANE-A916F8D39A [administrator]

2/16/2015 2:39:40 PM
mbar-log-2015-02-16 (14-39-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 401933
Time elapsed: 31 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKU\S-1-5-21-436374069-1614895754-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot. [0934fd40e29a59ddcbe94e8022e06d93]
HKU\S-1-5-21-436374069-1614895754-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot. [0934fd40e29a59ddcbe94e8022e06d93]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot. [0934fd40e29a59ddcbe94e8022e06d93]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\U (Trojan.Siredef.C) -> Delete on reboot. [380556e7e19b4de9a67c38c941bfb24e]
C:\RECYCLER\S-1-5-21-436374069-1614895754-682003330-1003\$dd22bd2f6e4f737edcb1d597cc7a6660\U (Trojan.Siredef.C) -> Delete on reboot. [49f452eb265671c5dd454cb58d731ce4]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L (Trojan.Siredef.C) -> Delete on reboot. [330a2a137c001125de466e93fe0241bf]
C:\RECYCLER\S-1-5-21-436374069-1614895754-682003330-1003\$dd22bd2f6e4f737edcb1d597cc7a6660\L (Trojan.Siredef.C) -> Delete on reboot. [98a599a493e9979f7ca88d74ec14f10f]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660 (Trojan.Siredef.C) -> Delete on reboot. [c17c2518bebeb97dd55004fd98685aa6]
C:\RECYCLER\S-1-5-21-436374069-1614895754-682003330-1003\$dd22bd2f6e4f737edcb1d597cc7a6660 (Trojan.Siredef.C) -> Delete on reboot. [51eccb726c102a0c3fe650b1d12fda26]

Files Detected: 6
C:\WINDOWS\SYSTEM32\drivers\acpi.sys (Rootkit.RLoader) -> Replace on reboot. [e8dec5b2a480301cc01e4127b900db4f]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\@ (Trojan.Siredef.C) -> Delete on reboot. [192419246616d95d75aa3ac797698f71]
C:\RECYCLER\S-1-5-21-436374069-1614895754-682003330-1003\$dd22bd2f6e4f737edcb1d597cc7a6660\@ (Trojan.Siredef.C) -> Delete on reboot. [f548b885cdaf62d433ece61b12ee20e0]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot. [fd40a6979ae200366db026db52aef010]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L\201d3dde (Trojan.Siredef.C) -> Delete on reboot. [d06dcd70adcf1b1b011c8b76cb3514ec]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L\76603ac3 (Trojan.Siredef.C) -> Delete on reboot. [e657a09d0b716ec84dd0ab5603fdd22e]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
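The MBAR output above is a flat list of paths and vendor labels. What a responder wants from it is a triage view: which entries belong to one infection (the RECYCLER\<SID>\$<32 hex>\ tree with U and L subfolders and an @ file, labelled Trojan.Siredef.C here, is the well-known ZeroAccess/Sirefef drop layout), which legitimate system file was infected in place rather than dropped (acpi.sys is marked "Replace on reboot", not "Delete"), and whether the cleanup still depends on a reboot, which matters in a thread where the machine reboots before MBAR can finish outside Safe Mode. The following Python is an added example written for this page, not Malwarebytes code and not the poster's. The sample lines are copied from the log above; the regular expressions describing MBAR's line format and the ZeroAccess path layout are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample input: six detection lines copied from the MBAR log posted
# above, with the "<Section> Detected: N" headers MBAR prints before each group.
SAMPLE_LOG = r"""
Registry Keys Detected: 3
HKU\S-1-5-21-436374069-1614895754-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot. [0934fd40e29a59ddcbe94e8022e06d93]

Folders Detected: 6
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\U (Trojan.Siredef.C) -> Delete on reboot. [380556e7e19b4de9a67c38c941bfb24e]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L (Trojan.Siredef.C) -> Delete on reboot. [330a2a137c001125de466e93fe0241bf]

Files Detected: 6
C:\WINDOWS\SYSTEM32\drivers\acpi.sys (Rootkit.RLoader) -> Replace on reboot. [e8dec5b2a480301cc01e4127b900db4f]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\@ (Trojan.Siredef.C) -> Delete on reboot. [192419246616d95d75aa3ac797698f71]
C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot. [fd40a6979ae200366db026db52aef010]

Physical Sectors Detected: 0
(No malicious items detected)
"""


@dataclass
class Detection:
    section: str   # MBAR section the line came from, e.g. "Files"
    obj: str       # file/folder path or registry key
    name: str      # vendor detection name, e.g. "Trojan.Siredef.C"
    action: str    # "Delete on reboot", "Replace on reboot", ...
    hash_id: str   # 32-hex identifier MBAR prints in brackets


# Assumed MBAR line formats (derived from the log above, not from a spec).
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
DETECTION_RE = re.compile(
    r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>[^.]+)\. \[(?P<hash>[0-9a-fA-F]{32})\]$"
)

# ZeroAccess/Sirefef keeps its components in <drive>:\RECYCLER\<SID>\$<32 hex>\
# (U and L subfolders, an '@' file). Matching the layout instead of the vendor
# name still catches the tree if a label is missing or spelled differently.
ZEROACCESS_RE = re.compile(
    r"^[A-Za-z]:\\RECYCLER\\S-1-5-[0-9-]+\\\$[0-9a-fA-F]{32}(?:\\|$)"
)
SYSTEM_DRIVER_RE = re.compile(
    r"^[A-Za-z]:\\WINDOWS\\SYSTEM32\\DRIVERS\\[^\\]+$", re.IGNORECASE
)


def parse_mbar(text: str) -> List[Detection]:
    """Turn the 'X Detected: N' sections of an MBAR log into Detection records."""
    detections: List[Detection] = []
    section = "Unknown"
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("section")
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            detections.append(Detection(section, hit.group("obj"), hit.group("name"),
                                        hit.group("action"), hit.group("hash").lower()))
    return detections


def is_zeroaccess_layout(path: str) -> bool:
    """True for the RECYCLER\\<SID>\\$<hex> tree itself or anything beneath it."""
    return ZEROACCESS_RE.match(path) is not None


def is_patched_system_driver(d: Detection) -> bool:
    """A system driver MBAR wants to *replace* was infected in place: the rootkit
    overwrote a legitimate file (acpi.sys above) rather than dropping a new one."""
    return (SYSTEM_DRIVER_RE.match(d.obj) is not None
            and d.action.lower().startswith("replace"))


def triage(detections: List[Detection]) -> Dict[str, object]:
    """Group detections by what they mean for the responder, not by vendor label."""
    zeroaccess = [d for d in detections if is_zeroaccess_layout(d.obj)]
    patched = [d for d in detections if is_patched_system_driver(d)]
    other = [d for d in detections
             if not is_zeroaccess_layout(d.obj) and not is_patched_system_driver(d)]
    return {
        "zeroaccess_paths": sorted(d.obj for d in zeroaccess),
        "patched_system_drivers": sorted(d.obj for d in patched),
        "other": [(d.obj, d.name) for d in other],
        # Any "on reboot" action means nothing is actually removed until the
        # machine restarts; a box that reboots mid-scan never gets that far.
        "reboot_pending": any("on reboot" in d.action.lower() for d in detections),
    }


if __name__ == "__main__":
    for key, value in triage(parse_mbar(SAMPLE_LOG)).items():
        print(key, "->", value)
```

Run against a full MBAR log, the same code separates a single ZeroAccess tree (however many U/L/@ entries it produced) from unrelated adware keys, and makes the patched driver stand out as the item that a plain "delete" cleanup would not fix.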
kevinf80 Posted February 16, 2015 ID:940248 You've posted FRST.txt twice. I need to see Addition.txt. Logs are here: C:\FRST\Logs
Root Admin AdvancedSetup Posted February 21, 2015 ID:941705 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!