djdarcestar Posted February 18, 2015 ID:940848

So I got this bikiniland malware. Whenever I open my Chrome browser two pages open: one for Google (my set home page) and one for bikiniland. Chrome no longer searches on Google from the search bar; it automatically opens a bikiniland search that is seemingly powered by Yahoo. I uninstalled it and I thought it was successful. But then after a restart, the same issue was happening, and today the shortcut reappeared on my desktop. I have run Malwarebytes Anti-Malware a couple times, I have run AVG... I can't make anything work. Help please!

kevinf80 Posted February 18, 2015 ID:940851

Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Post those two logs,

Kevin.

djdarcestar Posted February 18, 2015 ID:940853

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01
Ran by Darcy (administrator) on RAINBOW on 18-02-2015 18:06:27
Running from C:\Users\Darcy\Downloads
Loaded Profiles: Darcy (Available profiles: Darcy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832 2012-06-07] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [366720 2012-08-23] (Alcor Micro Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740888 2013-04-24] (Sony Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2880536 2015-01-28] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\...\Run: [spotify] => C:\Users\Darcy\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-18] (Spotify Ltd)
HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\...\Run: [spotify Web Helper] => C:\Users\Darcy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd)
HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\...\Run: [GoogleChromeAutoLaunch_F8DFCF0BAD1B80C7A3F10EF9FD5CBE02] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\...\Run: [GOOGLECHROMEAUTOLAUNCH_89D0E6BF89FA7CCBE39FD3011A145702] => C:\Users\Darcy\AppData\Local\Binkiland\Application\binkiland.exe [1014272 2015-02-01] ()
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\express.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\insoncfg.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\offdiag.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pmbbrowser.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pmbinit.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\power4gear.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\usbchargerplus.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-1597484566-1518090749-2611657116-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> DefaultScope {22CE53E0-B9C8-4216-90CE-6307A27F32CA} URL =
SearchScopes: HKU\S-1-5-21-1597484566-1518090749-2611657116-1001 -> DefaultScope {22CE53E0-B9C8-4216-90CE-6307A27F32CA} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_coinis_15_07&cd=2XzuyEtN2Y1L1QzuzzyEyE0B0FyDyD0F0A0ByC0BtDtC0D0AtN0D0Tzu0StCtCtAzytN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0Dzz0F0DtDyBtCtGtAyD0A0AtGyDyE0DtCtG0EtCzztDtGyB0A0DyB0CzyyCyCyCtBzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyByEyEyEtCzy0CtGtBzz0FyDtGyEyE0EtBtG0BtD0EtAtG0EtD0C0A0A0AtC0AyEyByBzy2Q&cr=421379645&ir=
SearchScopes: HKU\S-1-5-21-1597484566-1518090749-2611657116-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1597484566-1518090749-2611657116-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN38884597553260213&UM=2
SearchScopes: HKU\S-1-5-21-1597484566-1518090749-2611657116-1001 -> {22CE53E0-B9C8-4216-90CE-6307A27F32CA} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_coinis_15_07&cd=2XzuyEtN2Y1L1QzuzzyEyE0B0FyDyD0F0A0ByC0BtDtC0D0AtN0D0Tzu0StCtCtAzytN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0Dzz0F0DtDyBtCtGtAyD0A0AtGyDyE0DtCtG0EtCzztDtGyB0A0DyB0CzyyCyCyCtBzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyByEyEyEtCzy0CtGtBzz0FyDtGyEyE0EtBtG0BtD0EtAtG0EtD0C0A0A0AtC0AyEyByBzy2Q&cr=421379645&ir=
SearchScopes: HKU\S-1-5-21-1597484566-1518090749-2611657116-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={8816C840-E2BE-4D7F-ADC0-02373DFB7799}&mid=5b49a995ae1347cd9d02e1ccef670875-d879c0e569862a68ec8fed7726eaa85551653a0b&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-2917:19:28&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.0.6.10\AVG Web TuneUp.dll (AVG)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.6.10\AVG Web TuneUp.dll (AVG)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://binkiland.com/?f=7&a=bnk_coinis_15_07&cd=2XzuyEtN2Y1L1QzuzzyEyE0B0FyDyD0F0A0ByC0BtDtC0D0AtN0D0Tzu0StCtCtAzytN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0Dzz0F0DtDyBtCtGtAyD0A0AtGyDyE0DtCtG0EtCzztDtGyB0A0DyB0CzyyCyCyCtBzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyByEyEyEtCzy0CtGtBzz0FyDtGyEyE0EtBtG0BtD0EtAtG0EtD0C0A0A0AtC0AyEyByBzy2Q&cr=421379645&ir="
CHR DefaultSearchKeyword: Default -> binkiland.com
CHR DefaultSearchURL: Default -> http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_coinis_15_07&cd=2XzuyEtN2Y1L1QzuzzyEyE0B0FyDyD0F0A0ByC0BtDtC0D0AtN0D0Tzu0StCtCtAzytN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0Dzz0F0DtDyBtCtGtAyD0A0AtGyDyE0DtCtG0EtCzztDtGyB0A0DyB0CzyyCyCyCtBzyzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyByEyEyEtCzy0CtGtBzz0FyDtGyEyE0EtBtG0BtD0EtAtG0EtD0C0A0A0AtC0AyEyByBzy2Q&cr=421379645&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2013-10-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-22]
CHR Extension: (Google Search) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-22]
CHR Extension: (Supernova) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegpgpjbmbggplclldecdbpcmopmlbll [2013-07-22]
CHR Extension: (Pin It Button) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-11-12]
CHR Extension: (Google Wallet) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Picasa) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2013-07-22]
CHR Extension: (Gmail) - C:\Users\Darcy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-22]
CHR HKLM\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx [2014-11-26]
CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx [2014-11-26]
StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-30] () [File not signed]
S4 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
S4 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-04-24] (Sony Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-12] (AVG Technologies)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1826328 2015-01-28] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 18:06 - 2015-02-18 18:07 - 00020811 _____ () C:\Users\Darcy\Downloads\FRST.txt
2015-02-18 18:06 - 2015-02-18 18:06 - 00000000 ____D () C:\FRST
2015-02-18 18:05 - 2015-02-18 18:05 - 02086912 _____ (Farbar) C:\Users\Darcy\Downloads\FRST64.exe
2015-02-16 20:12 - 2015-02-16 20:12 - 00002762 _____ () C:\WINDOWS\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2015-02-16 20:00 - 2015-02-16 20:00 - 00000000 ____D () C:\Users\Darcy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Binkiland
2015-02-16 20:00 - 2015-02-16 20:00 - 00000000 ____D () C:\Users\Darcy\AppData\Roaming\Binkiland
2015-02-16 20:00 - 2015-02-16 20:00 - 00000000 ____D () C:\Users\Darcy\AppData\Local\Binkiland
2015-02-16 20:00 - 2015-02-16 20:00 - 00000000 ____D () C:\Program Files (x86)\WSE_Binkiland
2015-02-13 19:22 - 2015-02-13 19:22 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-13 18:55 - 2015-02-13 18:55 - 00002247 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2015-02-13 18:55 - 2015-02-13 18:55 - 00002233 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2015-02-13 18:55 - 2015-02-13 18:55 - 00002221 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2015.lnk
2015-02-13 18:55 - 2015-02-12 17:39 - 00041784 _____ (AVG Technologies) C:\WINDOWS\system32\TURegOpt.exe
2015-02-13 18:55 - 2015-02-12 17:39 - 00030520 _____ (AVG Technologies) C:\WINDOWS\system32\authuitu.dll
2015-02-13 18:55 - 2015-02-12 17:39 - 00025912 _____ (AVG Technologies) C:\WINDOWS\SysWOW64\authuitu.dll
2015-02-13 15:55 - 2015-02-13 15:55 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2015-02-13 14:52 - 2015-02-13 15:54 - 00000000 ____D () C:\Program Files (x86)\Tuneup computer
2015-02-13 14:52 - 2015-02-13 14:52 - 00003682 _____ () C:\WINDOWS\System32\Tasks\boosterpop
2015-02-13 14:52 - 2015-02-13 14:52 - 00003680 _____ () C:\WINDOWS\System32\Tasks\IEError
2015-02-13 14:52 - 2015-02-13 14:52 - 00003496 _____ () C:\WINDOWS\System32\Tasks\AI_Updater
2015-02-13 14:51 - 2015-02-13 14:51 - 00000000 ____D () C:\Users\Darcy\AppData\Local\PCTuner1
2015-02-13 14:25 - 2015-02-13 14:25 - 00000000 ____D () C:\WINDOWS\Sun
2015-02-13 14:24 - 2014-11-29 16:28 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-13 14:24 - 2014-11-29 16:28 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-13 14:24 - 2014-11-29 16:28 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-13 14:23 - 2015-02-13 14:23 - 00002342 _____ () C:\Users\Darcy\Desktop\Binkiland.lnk
2015-02-13 14:21 - 2015-02-16 20:00 - 00000000 ____D () C:\Users\Darcy\AppData\Local\2049160234
2015-02-13 14:21 - 2015-02-13 15:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-02-13 14:21 - 2015-02-13 15:55 - 00000000 ____D () C:\Program Files (x86)\Portable WeatherApp
2015-02-13 14:21 - 2015-02-13 14:21 - 00003650 _____ () C:\WINDOWS\System32\Tasks\IE_ERR4WDR
2015-02-13 14:21 - 2015-02-13 14:21 - 00003626 _____ () C:\WINDOWS\System32\Tasks\HDNINSTSCHD
2015-02-13 14:21 - 2015-02-13 14:21 - 00003492 _____ () C:\WINDOWS\System32\Tasks\UPDTEXE4_WDR
2015-02-13 14:21 - 2014-07-01 12:37 - 00020872 _____ (Phoenix Technologies) C:\WINDOWS\SysWOW64\Drivers\DrvAgent64.SYS
2015-02-11 15:06 - 2015-01-19 13:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 15:06 - 2014-12-08 18:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 15:05 - 2014-12-19 03:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 15:05 - 2014-12-19 03:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 14:56 - 2015-02-11 14:56 - 00000000 ____D () C:\Users\Darcy\Documents\Garmin
2015-02-11 14:54 - 2015-02-11 14:54 - 00001906 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-02-11 14:54 - 2015-02-11 14:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-11 14:53 - 2015-02-13 19:18 - 00003558 _____ () C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-02-11 10:54 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 10:54 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 10:54 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 10:54 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 10:54 - 2015-01-11 21:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 10:54 - 2015-01-11 21:32 - 06041088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-11 10:54 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 10:54 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 10:54 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 10:54 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 10:54 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 10:54 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 10:54 - 2015-01-11 20:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 10:54 - 2015-01-11 20:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 10:54 - 2015-01-11 20:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 10:54 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 10:54 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 10:54 - 2015-01-11 20:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 10:54 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 10:54 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 10:54 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 10:54 - 2015-01-11 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 10:54 - 2015-01-11 20:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 10:54 - 2015-01-11 20:29 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 10:54 - 2015-01-11 20:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 10:54 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 10:54 - 2015-01-11 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 10:54 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 10:54 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 10:54 - 2015-01-11 20:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 10:54 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 10:54 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 10:54 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 10:54 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 10:54 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 10:54 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 10:54 - 2015-01-10 02:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 10:54 - 2015-01-10 01:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 10:54 - 2014-12-08 22:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 10:54 - 2014-12-08 20:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 10:53 - 2015-01-15 17:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 10:53 - 2015-01-15 17:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 10:53 - 2015-01-13 23:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 10:53 - 2015-01-13 22:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 10:53 - 2015-01-13 17:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 10:53 - 2015-01-13 17:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 10:53 - 2015-01-10 04:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 10:53 - 2015-01-10 04:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 10:53 - 2015-01-10 03:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 10:53 - 2014-10-28 21:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 10:53 - 2014-10-28 21:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 10:53 - 2014-10-28 20:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 10:53 - 2014-10-28 20:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 10:53 - 2014-10-28 20:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 10:53 - 2014-10-28 20:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 10:53 - 2014-10-28 20:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 10:53 - 2014-10-28 20:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 10:52 - 2015-01-10 03:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-06 14:19 - 2015-02-06 16:19 - 00000000 ____D () C:\Users\Darcy\Desktop\export
2015-01-19 16:20 - 2015-02-13 19:04 - 00000000 ____D () C:\WINDOWS\Minidump

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 18:06 - 2013-07-28 11:54 - 03697664 ___SH () C:\Users\Darcy\Downloads\Thumbs.db
2015-02-18 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-18 17:48 - 2015-01-16 19:30 - 00000000 ____D () C:\Users\Darcy\Desktop\To Be Kept on Computer
2015-02-18 17:27 - 2014-11-29 16:45 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-18 17:10 - 2014-10-28 10:24 - 02037761 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-18 16:52 - 2014-11-28 00:03 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9D3CBD91-83D0-40AD-9627-FCFB724CA002}
2015-02-18 16:51 - 2013-03-27 18:49 - 00000380 _____ () C:\Users\Darcy\AppData\Roaming\sp_data.sys
2015-02-17 22:25 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-16 20:22 - 2013-03-27 18:56 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1597484566-1518090749-2611657116-1001
2015-02-16 19:57 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-13 19:22 - 2014-12-02 20:37 - 
00004677 _____ () C:\WINDOWS\setupact.log2015-02-13 19:22 - 2014-09-24 02:03 - 00225228 _____ () C:\WINDOWS\PFRO.log2015-02-13 19:22 - 2014-06-25 17:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-02-13 19:22 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-02-13 19:22 - 2013-03-27 18:55 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-02-13 19:22 - 2013-03-27 18:55 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-02-13 19:21 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2015-02-13 19:20 - 2012-09-25 22:02 - 00003056 _____ () C:\WINDOWS\System32\Tasks\ASUS P4G2015-02-13 19:19 - 2014-11-29 17:45 - 00003706 _____ () C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater2015-02-13 19:19 - 2013-03-27 19:22 - 00003544 _____ () C:\WINDOWS\System32\Tasks\ASUS Touchpad Launcher (x64)2015-02-13 19:19 - 2012-09-25 22:04 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus2015-02-13 19:18 - 2013-03-27 18:55 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-13 19:18 - 2013-03-27 18:55 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2015-02-13 19:04 - 2013-04-07 16:43 - 00000000 ____D () C:\Users\Darcy\AppData\Local\Microsoft Help2015-02-13 18:26 - 2014-06-25 17:15 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-02-13 18:26 - 2013-09-29 20:56 - 00000000 ____D () C:\Users\Darcy\AppData\Local\CRE2015-02-13 16:39 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache2015-02-13 16:02 - 2014-06-25 17:15 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-02-13 16:02 - 2014-06-25 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-02-13 16:00 - 2013-03-27 18:46 - 00000000 ____D () C:\Users\Darcy\AppData\Local\Packages2015-02-13 15:54 - 2014-11-29 16:28 - 00000000 ____D () 
C:\Program Files (x86)\Java2015-02-13 14:41 - 2013-08-22 09:44 - 00481208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2015-02-13 14:30 - 2014-11-29 16:47 - 00000000 ____D () C:\ProgramData\AVG20152015-02-13 14:24 - 2013-10-21 17:46 - 00000000 ____D () C:\ProgramData\Oracle2015-02-13 14:21 - 2013-09-29 20:58 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-02-12 14:22 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM2015-02-11 15:36 - 2013-08-15 13:37 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-02-11 15:29 - 2013-03-30 23:40 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-02-11 15:28 - 2013-04-07 16:43 - 00000000 ____D () C:\ProgramData\Microsoft Help2015-02-11 14:55 - 2013-05-23 16:23 - 00000000 ____D () C:\ProgramData\Garmin2015-02-11 14:54 - 2013-05-23 16:24 - 00000000 ____D () C:\Users\Darcy\AppData\Roaming\Garmin2015-02-11 14:54 - 2013-05-23 16:23 - 00000000 ____D () C:\ProgramData\Package Cache2015-02-11 14:54 - 2013-05-23 16:23 - 00000000 ____D () C:\Program Files (x86)\Garmin2015-02-11 14:54 - 2012-09-25 21:56 - 00000000 ____D () C:\Program Files\DIFX2015-02-06 16:18 - 2014-02-28 19:14 - 00000671 ____H () C:\Users\Darcy\Downloads\.picasa.ini2015-02-03 14:31 - 2014-11-09 21:39 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-02-03 14:31 - 2014-11-09 21:39 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-02-01 15:10 - 2013-05-05 16:24 - 00112640 ___SH () C:\Users\Darcy\Desktop\Thumbs.db2015-01-31 22:45 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF2015-01-31 22:25 - 2015-01-16 21:10 - 00000000 ____D () C:\Users\Darcy\Desktop\photos 20152015-01-28 18:33 - 2014-11-29 17:19 - 00000000 ____D () C:\Program Files\AVG Web TuneUp2015-01-28 18:33 - 2014-11-29 17:19 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp2015-01-20 21:07 - 2014-10-28 10:06 - 00000000 ____D () C:\Users\Darcy2015-01-20 12:39 - 
2013-03-27 20:00 - 00002041 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk2015-01-20 12:39 - 2012-08-04 20:42 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk2015-01-19 14:57 - 2014-09-24 02:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI ==================== Files in the root of some directories ======= 2013-03-27 18:49 - 2015-02-18 16:51 - 0000380 _____ () C:\Users\Darcy\AppData\Roaming\sp_data.sys2013-05-13 21:00 - 2013-06-25 16:39 - 0009728 _____ () C:\Users\Darcy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2012-08-04 20:42 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd2012-08-04 20:42 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe Files to move or delete:====================C:\ProgramData\SetStretch.exe Some content of TEMP:====================C:\Users\Darcy\AppData\Local\Temp\BNKStubSetup.exeC:\Users\Darcy\AppData\Local\Temp\DRHelper_installFinish.exeC:\Users\Darcy\AppData\Local\Temp\DRHelper_installStart.exeC:\Users\Darcy\AppData\Local\Temp\DRHelper_uninstallComplete.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-16 20:23 ==================== End Of Log ============================ How do I attach the "addition" log? i have tried several times but it seems not to work.... Link to post Share on other sites More sharing options...
djdarcestar Posted February 18, 2015 Author ID:940854

Sorry, I figured it out. Here they both are:

Addition.txt
FRST.txt
kevinf80 Posted February 19, 2015 ID:940870

Thanks for the logs, continue as follows:

Download the attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link.
When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required. Wait for the prompt to restart the computer to appear, then click on Yes.
When the scan is completed, from the main GUI click on History > Application Logs.
Find your Scan log, the date when run will identify it. Checkmark the "select" box > then hit the "view" button.
The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".
Select > "Copy to clipboard", which copies the full log to the Windows clipboard, so at your reply you right click into the text field and select "Paste"; the log is pasted (copied) to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
Double click on Adwcleaner.exe to run the tool.
Click on Scan.
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

Next,

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts. (Re-enable when done.)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop.
Ensure to get the correct version for your system....

32 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select "Run as Administrator"; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns....

Thanks,
Kevin...

Fixlist.txt
djdarcestar Posted February 19, 2015 Author ID:940899

Here yah go.

Thank you so so so so much! It seems to have worked! I really appreciate it. I think I got it downloading AVG or PC Tune Up. That's what came across to me. Either way, I appreciate it very much. You saved my computer seemingly, and my identity. Yay!

Addition.txt
Fixlog.txt
JRT.txt
MRT.txt
AdwCleanerS0.txt
kevinf80 Posted February 19, 2015 ID:941101

Thanks for those logs, couple of steps still to do:

Adobe Reader is outdated...
Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader.

Step 1 - Select your Operating System.
Step 2 - Select your Language.
Step 3 - Select latest version.

Untick the option for any security scanner or toolbar if offered. Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java".
It will check your current version and then offer to update to the latest version.
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

Next,

To clean up:

Download "Delfix by Xplode" and save it to your desktop.
Or use the following if first link is down: "Delfix link mirror"
Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.

Make sure the following items are checked:

Remove disinfection tools
Purge System Restore
Reset system settings

Now click on "Run" and wait patiently until the tool has completed.
The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Finally,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

Let me know if we can close out....

Kevin.
djdarcestar Posted February 19, 2015 Author ID:941186

We can close out. "I am satisfied with my care!" Thank you for saving my computer and my ass. You guys rock. I have read the article and appreciate the advice too! I really can't thank you enough. I am totally donating to your cause. So I know because I am curious....does the donation go to Malwarebytes or to you directly? (IMHO you deserve it)
kevinf80 Posted February 19, 2015 ID:941194

Thanks for the update, good to hear all is well. Any donations made to the PayPal link in my signature will go direct to my account, I do appreciate any donations that are made....

Take care and surf safe,
Kevin...
AdvancedSetup Posted March 2, 2015 Root Admin ID:944276

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!