
So I got this bikiniland malware. Whenever I open my Chrome browser, two pages open: one for Google (my set home page) and one for bikiniland. Chrome no longer searches on Google from the search bar; it automatically opens a bikiniland search that is seemingly powered by Yahoo.

 

I uninstalled it and I thought it was successful. But then after a restart, the same issue was happening, and today the shortcut reappeared on my desktop. I have run Malwarebytes Anti-Malware a couple of times, I have run AVG... I can't make anything work.

 

Help Please!

 


Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Post those two logs,

 

Kevin.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01

Ran by Darcy (administrator) on RAINBOW on 18-02-2015 18:06:27

Running from C:\Users\Darcy\Downloads

Loaded Profiles: Darcy (Available profiles: Darcy)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe

(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe

(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe

() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe

(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)

HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-08-23] (Alcor Micro Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2880536 2015-01-28] ()

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\...\Run: [spotify] => C:\Users\Darcy\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-18] (Spotify Ltd)

HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\...\Run: [spotify Web Helper] => C:\Users\Darcy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd)

HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\...\Run: [GoogleChromeAutoLaunch_F8DFCF0BAD1B80C7A3F10EF9FD5CBE02] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)

HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\...\Run: [GOOGLECHROMEAUTOLAUNCH_89D0E6BF89FA7CCBE39FD3011A145702] => C:\Users\Darcy\AppData\Local\Binkiland\Application\binkiland.exe [1014272 2015-02-01] ()

IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\express.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\insoncfg.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\offdiag.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\pmbbrowser.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\pmbinit.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\power4gear.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\usbchargerplus.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com

HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

SearchScopes: HKLM -> DefaultScope value is missing.

SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 

SearchScopes: HKLM-x32 -> DefaultScope {22CE53E0-B9C8-4216-90CE-6307A27F32CA} URL = 


SearchScopes: HKU\S-1-5-21-1597484566-1518090749-2611657116-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-1597484566-1518090749-2611657116-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN38884597553260213&UM=2


SearchScopes: HKU\S-1-5-21-1597484566-1518090749-2611657116-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={8816C840-E2BE-4D7F-ADC0-02373DFB7799}&mid=5b49a995ae1347cd9d02e1ccef670875-d879c0e569862a68ec8fed7726eaa85551653a0b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-2917:19:28&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}

BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.0.6.10\AVG Web TuneUp.dll (AVG)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.6.10\AVG Web TuneUp.dll (AVG)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll (AVG Secure Search)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://binkiland.com/?f=7&a=bnk_coinis_15_07&cd=2XzuyEtN2Y1L1QzuzzyEyE0B0FyDyD0F0A0ByC0BtDtC0D0AtN0D0Tzu0StCtCtAzytN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0Dzz0F0DtDyBtCtGtAyD0A0AtGyDyE0DtCtG0EtCzztDtGyB0A0DyB0CzyyCyCyCtBzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyByEyEyEtCzy0CtGtBzz0FyDtGyEyE0EtBtG0BtD0EtAtG0EtD0C0A0A0AtC0AyEyByBzy2Q&cr=421379645&ir="

CHR DefaultSearchKeyword: Default -> binkiland.com


CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR Profile: C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Ask Toolbar) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2013-10-21]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]

CHR Extension: (YouTube) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-22]

CHR Extension: (Google Search) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-22]

CHR Extension: (Supernova) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll [2013-07-22]

CHR Extension: (Pin It Button) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-11-12]

CHR Extension: (Google Wallet) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]

CHR Extension: (Picasa) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2013-07-22]

CHR Extension: (Gmail) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-22]

CHR HKLM\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx [2014-11-26]

CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx [2014-11-26]

StartMenuInternet: Google Chrome - chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] () [File not signed]

S4 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)

S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)

S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-12] (AVG Technologies)

R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)

R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1826328 2015-01-28] (AVG Secure Search)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)

R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)

R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-18 18:06 - 2015-02-18 18:07 - 00020811 _____ () C:\Users\Darcy\Downloads\FRST.txt

2015-02-18 18:06 - 2015-02-18 18:06 - 00000000 ____D () C:\FRST

2015-02-18 18:05 - 2015-02-18 18:05 - 02086912 _____ (Farbar) C:\Users\Darcy\Downloads\FRST64.exe

2015-02-16 20:12 - 2015-02-16 20:12 - 00002762 _____ () C:\WINDOWS\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

2015-02-16 20:00 - 2015-02-16 20:00 - 00000000 ____D () C:\Users\Darcy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Binkiland

2015-02-16 20:00 - 2015-02-16 20:00 - 00000000 ____D () C:\Users\Darcy\AppData\Roaming\Binkiland

2015-02-16 20:00 - 2015-02-16 20:00 - 00000000 ____D () C:\Users\Darcy\AppData\Local\Binkiland

2015-02-16 20:00 - 2015-02-16 20:00 - 00000000 ____D () C:\Program Files (x86)\WSE_Binkiland

2015-02-13 19:22 - 2015-02-13 19:22 - 00000000 _____ () C:\WINDOWS\setuperr.log

2015-02-13 18:55 - 2015-02-13 18:55 - 00002247 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk

2015-02-13 18:55 - 2015-02-13 18:55 - 00002233 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk

2015-02-13 18:55 - 2015-02-13 18:55 - 00002221 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk

2015-02-13 18:55 - 2015-02-12 17:39 - 00041784 _____ (AVG Technologies) C:\WINDOWS\system32\TURegOpt.exe

2015-02-13 18:55 - 2015-02-12 17:39 - 00030520 _____ (AVG Technologies) C:\WINDOWS\system32\authuitu.dll

2015-02-13 18:55 - 2015-02-12 17:39 - 00025912 _____ (AVG Technologies) C:\WINDOWS\SysWOW64\authuitu.dll

2015-02-13 15:55 - 2015-02-13 15:55 - 00000000 ____D () C:\Program Files (x86)\DriverRestore

2015-02-13 14:52 - 2015-02-13 15:54 - 00000000 ____D () C:\Program Files (x86)\Tuneup computer

2015-02-13 14:52 - 2015-02-13 14:52 - 00003682 _____ () C:\WINDOWS\System32\Tasks\boosterpop

2015-02-13 14:52 - 2015-02-13 14:52 - 00003680 _____ () C:\WINDOWS\System32\Tasks\IEError

2015-02-13 14:52 - 2015-02-13 14:52 - 00003496 _____ () C:\WINDOWS\System32\Tasks\AI_Updater

2015-02-13 14:51 - 2015-02-13 14:51 - 00000000 ____D () C:\Users\Darcy\AppData\Local\PCTuner1

2015-02-13 14:25 - 2015-02-13 14:25 - 00000000 ____D () C:\WINDOWS\Sun

2015-02-13 14:24 - 2014-11-29 16:28 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2015-02-13 14:24 - 2014-11-29 16:28 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2015-02-13 14:24 - 2014-11-29 16:28 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2015-02-13 14:23 - 2015-02-13 14:23 - 00002342 _____ () C:\Users\Darcy\Desktop\Binkiland.lnk

2015-02-13 14:21 - 2015-02-16 20:00 - 00000000 ____D () C:\Users\Darcy\AppData\Local\2049160234

2015-02-13 14:21 - 2015-02-13 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore

2015-02-13 14:21 - 2015-02-13 15:55 - 00000000 ____D () C:\Program Files (x86)\Portable WeatherApp

2015-02-13 14:21 - 2015-02-13 14:21 - 00003650 _____ () C:\WINDOWS\System32\Tasks\IE_ERR4WDR

2015-02-13 14:21 - 2015-02-13 14:21 - 00003626 _____ () C:\WINDOWS\System32\Tasks\HDNINSTSCHD

2015-02-13 14:21 - 2015-02-13 14:21 - 00003492 _____ () C:\WINDOWS\System32\Tasks\UPDTEXE4_WDR

2015-02-13 14:21 - 2014-07-01 12:37 - 00020872 _____ (Phoenix Technologies) C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS

2015-02-11 15:06 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

2015-02-11 15:06 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2015-02-11 15:05 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2015-02-11 15:05 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2015-02-11 14:56 - 2015-02-11 14:56 - 00000000 ____D () C:\Users\Darcy\Documents\Garmin

2015-02-11 14:54 - 2015-02-11 14:54 - 00001906 _____ () C:\Users\Public\Desktop\Garmin Express.lnk

2015-02-11 14:54 - 2015-02-11 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

2015-02-11 14:53 - 2015-02-13 19:18 - 00003558 _____ () C:\WINDOWS\System32\Tasks\GarminUpdaterTask

2015-02-11 10:54 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-02-11 10:54 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-02-11 10:54 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-02-11 10:54 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2015-02-11 10:54 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-02-11 10:54 - 2015-01-11 21:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-02-11 10:54 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-02-11 10:54 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2015-02-11 10:54 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-02-11 10:54 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2015-02-11 10:54 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2015-02-11 10:54 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-02-11 10:54 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2015-02-11 10:54 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-02-11 10:54 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2015-02-11 10:54 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2015-02-11 10:54 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2015-02-11 10:54 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2015-02-11 10:54 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2015-02-11 10:54 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2015-02-11 10:54 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-02-11 10:54 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2015-02-11 10:54 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2015-02-11 10:54 - 2015-01-11 20:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-02-11 10:54 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2015-02-11 10:54 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2015-02-11 10:54 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2015-02-11 10:54 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2015-02-11 10:54 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2015-02-11 10:54 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2015-02-11 10:54 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-02-11 10:54 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-02-11 10:54 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2015-02-11 10:54 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2015-02-11 10:54 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-02-11 10:54 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2015-02-11 10:54 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

2015-02-11 10:54 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

2015-02-11 10:54 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll

2015-02-11 10:54 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll

2015-02-11 10:53 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2015-02-11 10:53 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

2015-02-11 10:53 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2015-02-11 10:53 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll

2015-02-11 10:53 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2015-02-11 10:53 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2015-02-11 10:53 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-02-11 10:53 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2015-02-11 10:53 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2015-02-11 10:53 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll

2015-02-11 10:53 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll

2015-02-11 10:53 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll

2015-02-11 10:53 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll

2015-02-11 10:53 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll

2015-02-11 10:53 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe

2015-02-11 10:53 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe

2015-02-11 10:53 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe

2015-02-11 10:52 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2015-02-06 14:19 - 2015-02-06 16:19 - 00000000 ____D () C:\Users\Darcy\Desktop\export

2015-01-19 16:20 - 2015-02-13 19:04 - 00000000 ____D () C:\WINDOWS\Minidump

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-18 18:06 - 2013-07-28 11:54 - 03697664 ___SH () C:\Users\Darcy\Downloads\Thumbs.db

2015-02-18 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-02-18 17:48 - 2015-01-16 19:30 - 00000000 ____D () C:\Users\Darcy\Desktop\To Be Kept on Computer

2015-02-18 17:27 - 2014-11-29 16:45 - 00000000 ____D () C:\ProgramData\MFAData

2015-02-18 17:10 - 2014-10-28 10:24 - 02037761 _____ () C:\WINDOWS\WindowsUpdate.log

2015-02-18 16:52 - 2014-11-28 00:03 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9D3CBD91-83D0-40AD-9627-FCFB724CA002}

2015-02-18 16:51 - 2013-03-27 18:49 - 00000380 _____ () C:\Users\Darcy\AppData\Roaming\sp_data.sys

2015-02-17 22:25 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-02-16 20:22 - 2013-03-27 18:56 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1597484566-1518090749-2611657116-1001

2015-02-16 19:57 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-02-13 19:22 - 2014-12-02 20:37 - 00004677 _____ () C:\WINDOWS\setupact.log

2015-02-13 19:22 - 2014-09-24 02:03 - 00225228 _____ () C:\WINDOWS\PFRO.log

2015-02-13 19:22 - 2014-06-25 17:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-13 19:22 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-02-13 19:22 - 2013-03-27 18:55 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-13 19:22 - 2013-03-27 18:55 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-13 19:21 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2015-02-13 19:20 - 2012-09-25 22:02 - 00003056 _____ () C:\WINDOWS\System32\Tasks\ASUS P4G

2015-02-13 19:19 - 2014-11-29 17:45 - 00003706 _____ () C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater

2015-02-13 19:19 - 2013-03-27 19:22 - 00003544 _____ () C:\WINDOWS\System32\Tasks\ASUS Touchpad Launcher (x64)

2015-02-13 19:19 - 2012-09-25 22:04 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus

2015-02-13 19:18 - 2013-03-27 18:55 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-13 19:18 - 2013-03-27 18:55 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-13 19:04 - 2013-04-07 16:43 - 00000000 ____D () C:\Users\Darcy\AppData\Local\Microsoft Help

2015-02-13 18:26 - 2014-06-25 17:15 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-02-13 18:26 - 2013-09-29 20:56 - 00000000 ____D () C:\Users\Darcy\AppData\Local\CRE

2015-02-13 16:39 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache

2015-02-13 16:02 - 2014-06-25 17:15 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-02-13 16:02 - 2014-06-25 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-13 16:00 - 2013-03-27 18:46 - 00000000 ____D () C:\Users\Darcy\AppData\Local\Packages

2015-02-13 15:54 - 2014-11-29 16:28 - 00000000 ____D () C:\Program Files (x86)\Java

2015-02-13 14:41 - 2013-08-22 09:44 - 00481208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2015-02-13 14:30 - 2014-11-29 16:47 - 00000000 ____D () C:\ProgramData\AVG2015

2015-02-13 14:24 - 2013-10-21 17:46 - 00000000 ____D () C:\ProgramData\Oracle

2015-02-13 14:21 - 2013-09-29 20:58 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-02-12 14:22 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

2015-02-11 15:36 - 2013-08-15 13:37 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-02-11 15:29 - 2013-03-30 23:40 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-02-11 15:28 - 2013-04-07 16:43 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-02-11 14:55 - 2013-05-23 16:23 - 00000000 ____D () C:\ProgramData\Garmin

2015-02-11 14:54 - 2013-05-23 16:24 - 00000000 ____D () C:\Users\Darcy\AppData\Roaming\Garmin

2015-02-11 14:54 - 2013-05-23 16:23 - 00000000 ____D () C:\ProgramData\Package Cache

2015-02-11 14:54 - 2013-05-23 16:23 - 00000000 ____D () C:\Program Files (x86)\Garmin

2015-02-11 14:54 - 2012-09-25 21:56 - 00000000 ____D () C:\Program Files\DIFX

2015-02-06 16:18 - 2014-02-28 19:14 - 00000671 ____H () C:\Users\Darcy\Downloads\.picasa.ini

2015-02-03 14:31 - 2014-11-09 21:39 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-02-03 14:31 - 2014-11-09 21:39 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-02-01 15:10 - 2013-05-05 16:24 - 00112640 ___SH () C:\Users\Darcy\Desktop\Thumbs.db

2015-01-31 22:45 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF

2015-01-31 22:25 - 2015-01-16 21:10 - 00000000 ____D () C:\Users\Darcy\Desktop\photos 2015

2015-01-28 18:33 - 2014-11-29 17:19 - 00000000 ____D () C:\Program Files\AVG Web TuneUp

2015-01-28 18:33 - 2014-11-29 17:19 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp

2015-01-20 21:07 - 2014-10-28 10:06 - 00000000 ____D () C:\Users\Darcy

2015-01-20 12:39 - 2013-03-27 20:00 - 00002041 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk

2015-01-20 12:39 - 2012-08-04 20:42 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2015-01-19 14:57 - 2014-09-24 02:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

 

==================== Files in the root of some directories =======

 

2013-03-27 18:49 - 2015-02-18 16:51 - 0000380 _____ () C:\Users\Darcy\AppData\Roaming\sp_data.sys

2013-05-13 21:00 - 2013-06-25 16:39 - 0009728 _____ () C:\Users\Darcy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-08-04 20:42 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd

2012-08-04 20:42 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

 

Files to move or delete:

====================

C:\ProgramData\SetStretch.exe

 

 

Some content of TEMP:

====================

C:\Users\Darcy\AppData\Local\Temp\BNKStubSetup.exe

C:\Users\Darcy\AppData\Local\Temp\DRHelper_installFinish.exe

C:\Users\Darcy\AppData\Local\Temp\DRHelper_installStart.exe

C:\Users\Darcy\AppData\Local\Temp\DRHelper_uninstallComplete.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-16 20:23

 

==================== End Of Log ============================

 

 

 

How do I attach the "addition" log? I have tried several times but it seems not to work....

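The listing above is the standard FRST file-listing format: modified time, created time, size, five attribute flags, the company name from the version resource (empty when there is none), and the path. What an analyst does with it is scan for the handful of entries worth opening first. The Python below is an added example for this thread, not FRST code and not anything the helper ran; the parser assumes the exact field layout shown in the log, the review rules are this example's own, and the sample lines are constructed (the paths are modelled on the log, the Temp line is invented because FRST prints its TEMP section without dates). The flags are prompts for a human reviewer, not verdicts: a vendor-less file under AppData is often harmless.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) file listing.

Added example for this thread; it is not FRST code and the review rules are
this example's own. It parses the line layout visible in the log above:

    <modified> - <created> - <size> <attrs> (<company>) <path>

and flags entries a reviewer would open first.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

_LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)

# Extensions Windows will execute or load as code.
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".com",
                  ".cmd", ".bat", ".vbs", ".js", ".ps1"}

# Path fragments (lower-cased) an unprivileged user, and so a dropper running
# as that user, can write to. Assumption of this example; extend as needed.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")


@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str      # five flag characters, e.g. "____D" directory, "___SH" system+hidden
    company: str    # version-resource company name; empty when absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def extension(self) -> str:
        name = self.path.rsplit("\\", 1)[-1]
        return name[name.rfind("."):].lower() if "." in name else ""

    @property
    def in_user_writable(self) -> bool:
        lowered = self.path.lower()
        return any(fragment in lowered for fragment in USER_WRITABLE)


def parse_frst_lines(lines) -> List[Entry]:
    """Return Entry objects for lines in the FRST file-listing format; skip others."""
    entries = []
    for raw in lines:
        m = _LINE_RE.match(raw.strip())
        if not m:
            continue  # section banners, blank lines, the TEMP and root-file lists
        entries.append(Entry(
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=m["attrs"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def flag_entry(entry: Entry) -> List[str]:
    """Review heuristics for one entry (this example's own, not FRST's)."""
    reasons: List[str] = []
    if entry.is_dir or entry.extension not in EXECUTABLE_EXT:
        return reasons
    lowered = entry.path.lower()
    if "\\temp\\" in lowered:
        reasons.append("executable in a Temp directory")
    if not entry.company and entry.in_user_writable:
        reasons.append("executable with no company string in a user-writable path")
    if "H" in entry.attrs or "S" in entry.attrs:
        reasons.append("executable carries hidden/system attributes")
    if entry.extension == ".sys" and "\\drivers\\" not in lowered:
        reasons.append(".sys file outside a Drivers directory")
    return reasons


def triage(entries) -> Dict[str, List[str]]:
    """Map each flagged path to its list of reasons."""
    flagged: Dict[str, List[str]] = {}
    for entry in entries:
        reasons = flag_entry(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


# Constructed sample in the log's format (paths modelled on the listing above;
# the Temp line is invented to exercise the Temp rule).
SAMPLE_LOG = r"""
==================== One Month Modified Files and Folders =======
2015-02-13 18:26 - 2014-06-25 17:15 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-18 16:51 - 2013-03-27 18:49 - 00000380 _____ () C:\Users\Darcy\AppData\Roaming\sp_data.sys
2015-02-13 16:00 - 2013-03-27 18:46 - 00000000 ____D () C:\Users\Darcy\AppData\Local\Packages
2012-08-04 20:42 - 2009-07-22 05:04 - 00024576 _____ () C:\ProgramData\SetStretch.exe
2015-02-13 16:05 - 2015-02-13 16:05 - 00412160 _____ () C:\Users\Darcy\AppData\Local\Temp\BNKStubSetup.exe
2015-02-13 14:21 - 2013-09-29 20:58 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_frst_lines(SAMPLE_LOG.splitlines())).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it against a saved FRST.txt by passing `open("FRST.txt", encoding="utf-8")` to `parse_frst_lines`; the signed system binaries in the listing drop out because they carry a company string and live under System32, while the vendor-less files under AppData, ProgramData and Temp surface with the reason attached, which is roughly the subset a helper's fixlist ends up targeting.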

Thanks for the logs, continue as follows:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your Scan log; the date when run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard"; that copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste" and the log is pasted into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure you get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right-click on the tool and select "Run as Administrator"; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...

 

 

 

Fixlist.txt

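The AdwCleaner and JRT steps in the reply above are aimed at adware and browser hijackers, and the helper asks for an update on remaining issues afterwards. Before reporting that the hijack is gone, a practitioner would confirm it from Chrome's own profile data rather than by opening the browser and looking, since the persisted settings are what a reinstalled hijacker keeps overwriting. The Python below is an added example, not from this thread and not part of Chrome, AdwCleaner or JRT. It assumes the JSON key names Chrome stores in a profile's Preferences file (`homepage`, `session.startup_urls`, `default_search_provider_data.template_url_data.url`; on newer versions these tracked keys live in Secure Preferences instead, so verify against the Chrome version in use), an allow-list of trusted hosts that is this example's own choice, and a constructed sample profile.

```python
"""Audit a Chrome profile's Preferences JSON for hijacked home-page, start-up and search settings.

Added example; not from this thread and not part of Chrome, AdwCleaner or JRT.
Assumptions: the JSON keys below are the ones Chrome keeps in a profile's
Preferences (or, on newer versions, Secure Preferences) file; TRUSTED_HOSTS is
this example's own allow-list; the sample profile is constructed.
"""
import json
from typing import List
from urllib.parse import urlparse

# Hosts the profile owner expects for the home page, start-up pages and search.
TRUSTED_HOSTS = {"www.google.com", "google.com", "www.google.co.uk"}


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def audit_chrome_prefs(prefs: dict) -> List[str]:
    """Return human-readable findings for settings that point outside TRUSTED_HOSTS."""
    findings: List[str] = []

    homepage = prefs.get("homepage", "")
    if homepage and _host(homepage) not in TRUSTED_HOSTS:
        findings.append(f"home page set to {homepage}")

    # startup_urls are opened when restore_on_startup is 4 ("open a specific set
    # of pages"). They are reported whatever the mode, because a hijacker that
    # adds its page here also flips the mode, giving the "two tabs open" symptom.
    session = prefs.get("session", {})
    for url in session.get("startup_urls", []):
        if _host(url) not in TRUSTED_HOSTS:
            findings.append(f"start-up page added: {url}")

    provider = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    search_url = provider.get("url", "")
    if search_url and _host(search_url) not in TRUSTED_HOSTS:
        findings.append(
            f"default search provider '{provider.get('short_name', '?')}' "
            f"sends queries to {_host(search_url)}"
        )
    return findings


def audit_prefs_json(text: str) -> List[str]:
    """Audit a Preferences document held as JSON text."""
    return audit_chrome_prefs(json.loads(text))


def audit_prefs_file(path: str) -> List[str]:
    """Audit a Preferences file on disk (close Chrome first; it rewrites the file on exit)."""
    with open(path, encoding="utf-8") as fh:
        return audit_chrome_prefs(json.load(fh))


# Constructed sample: a profile after a search/home-page hijack. The .test TLD
# is reserved for examples and stands in for whatever domain a hijacker uses.
SAMPLE_PREFS_JSON = """
{
  "homepage": "http://search.example-hijack.test/?src=hp",
  "homepage_is_newtabpage": false,
  "session": {
    "restore_on_startup": 4,
    "startup_urls": ["https://www.google.com/", "http://search.example-hijack.test/"]
  },
  "default_search_provider_data": {
    "template_url_data": {
      "keyword": "example-hijack.test",
      "short_name": "Example Hijack Search",
      "url": "http://search.example-hijack.test/?q={searchTerms}"
    }
  }
}
"""

if __name__ == "__main__":
    for finding in audit_prefs_json(SAMPLE_PREFS_JSON):
        print("FINDING:", finding)
```

On a live machine, close Chrome and point `audit_prefs_file` at `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences` (and at `Secure Preferences` beside it, where recent versions keep the protected copy of these keys). A desktop shortcut that keeps reappearing is also worth checking by hand: hijackers commonly append a URL to the shortcut's Target field, which Chrome then opens alongside the configured home page even when the profile itself is clean.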

Thanks for those logs, couple of steps still to do:

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Language.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

 

Next

 

To clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 

 


    Remove disinfection tools
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted…

 

Finally,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we can close out....

 

Kevin.


We can close out. "I am satisfied with my care!" Thank you for saving my computer and my ass. You guys rock. I have read the article and appreciate the advice too!

 

I really can't thank you enough.

 

I am totally donating to your cause. So I know because I am curious....does the donation go to malware bytes or to you directly? (IMHO you deserve it)


Root Admin (2 weeks later):

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
