Iowaparamed
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Jane (administrator) on JANE-A916F8D39A on 16-02-2015 15:53:11
Running from C:\Documents and Settings\Jane\My Documents\Downloads
Loaded Profiles: Jane (Available profiles: Jane & Curtis & Matt)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
( ASUSTeK Computer Inc.) C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(America Online, Inc.) C:\WINDOWS\system32\PackethSvc.exe
() C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
(Brand Affinity Technologies) C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
(IObit) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 7\DelayLoad.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18790432 2010-01-29] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Gpu Boost Driver] => C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe [1137280 2010-03-27] ( ASUSTeK Computer Inc.)
HKLM\...\Run: [RealTray] => C:\Program Files\Real\RealPlayer\RealPlay.exe [26112 2011-10-12] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2010-08-10] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\avgrsstarter: C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-436374069-1614895754-682003330-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-436374069-1614895754-682003330-1003\...\MountPoints2: {fe4625b5-db91-11db-b9d7-806d6172696f} - D:\Setup.EXE
IFEO\FFVCFG.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\FFVCheckForUpdates.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe
IFEO\FreeFileViewer.exe: [Debugger] C:\Program Files\IObit\Advanced SystemCare 7\AutoReactivator.exe
Startup: C:\Documents and Settings\Curtis\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8620.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8620.lnk -> C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-436374069-1614895754-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
HKU\S-1-5-21-436374069-1614895754-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
URLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-436374069-1614895754-682003330-1003 - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKLM -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm038^YY^us&si=google_directions&ptb=AD8DE84C-491D-4D3F-807E-60187F67C903&ind=2013032110&n=77fc6eae&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {BF144835-A0ED-4C47-8BFB-1BBB97113BD9} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = 
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {8ED9E20E-6BF6-41F7-89A5-6F9351D816CD} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=file0202ie&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0SyBzztBtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=2033812561&ir=
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://isearch.avg.com/search?cid={D501F91E-D740-4231-BD67-FF748F810857}&mid=d23dcf4916a0bbe372fbdbe9df1c76d7-a6a989b8055c0b6bde40d5e8e923ebb17c87ac5d&lang=us&ds=AVG&pr=fr&d=2011-12-0908:04:25&v=12.2.5.32&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {BF144835-A0ED-4C47-8BFB-1BBB97113BD9} URL = 
SearchScopes: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
BHO: No Name -> {03EB0E9C-7A91-4381-A220-9B52B641CDB1} -> No File
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> No File
BHO: No Name -> {1e91a655-bb4b-4693-a05e-2edebc4c9d89} -> No File
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: No Name -> {71c1d63a-c944-428a-a5bd-ba513190e5d2} -> No File
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {8A86D350-37AB-410A-8531-7D1363F317B3} -> No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: No Name -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - No Name - {364ea597-e728-4ce4-bb4a-ed846ef47970} - No File
Toolbar: HKLM - No Name - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - No File
Toolbar: HKLM - No Name - {10921475-03CE-4E04-90CE-E2E7EF20C814} - No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-436374069-1614895754-682003330-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default
FF DefaultSearchEngine: Binkiland
FF SearchEngineOrder.1: Mysearchdial
FF SelectedSearchEngine: Binkiland
FF Homepage: hxxp://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=AD8DE84C-491D-4D3F-807E-60187F67C903&n=77fc6c5b&ind=2013031515&p2=^UX^xdm038^YY^us&si=google_directions&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @MapsGalaxy_39.com/Plugin -> C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF user.js: detected! => C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnu.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll (AOL LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\Binkiland.xml
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\searchplugins\yahoo_ff.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Jane\Application Data\Mozilla\Firefox\Profiles\w8lh5aib.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2014-02-26]
FF HKLM\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files\AVG\AVG8\Firefox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-06-22]
FF HKLM\...\Firefox\Extensions: [39ffxtbr@MapsGalaxy_39.com] - C:\Program Files\MapsGalaxy_39\bar\1.bin
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-19]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=", "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> binkiland.com
CHR DefaultSearchURL: Default -> http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_06&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEtD0FyEtByEyE0EyC0A0DtN0D0Tzu0StCtCtAtBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtBtCtA0BtC0FyEtGyD0B0AtCtGtC0FtAyEtG0AyC0CyEtGyCtCzytDzy0C0A0AyBtA0E0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyDyEtDtA0DyEtDtG0C0EtAyBtGyE0E0BzytGzy0DzytBtGtD0FtB0ByE0DtDtB0CyD0CtB2Q&cr=901421313&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-27]
CHR Extension: (Google Drive) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-27]
CHR Extension: (Google Search) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-27]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-04]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-27]
CHR Extension: (Fantapper) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf [2014-08-27]
CHR Extension: (Gmail) - C:\Documents and Settings\Jane\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-07]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Documents and Settings\Curtis\Local Settings\Application Data\Slick Savings\coupons.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ohgcjecomkebbohfjgmncelbhogbbokf] - C:\Program Files\Brand Affinity Technologies\Fantapper Player\\fantapper_gi20111005.crx [2011-12-15]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-07] (AVAST Software)
R2 FlipShare Service; C:\Program Files\Flip Video\FlipShare\FlipShareService.exe [460144 2010-12-15] ()
R2 FlipShareServer; C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2010-12-15] () [File not signed]
R2 FTSvc; C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe [11776 2011-12-15] (Brand Affinity Technologies) [File not signed]
S4 itsvc_1.10.0.8; C:\Program Files\IntelliTerm_1.10.0.8\Service\itsvc.exe [278608 2015-01-21] (Intelli Term)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [0 2014-05-20] () <==== ATTENTION (zero size file/folder)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 PackethSvc; C:\WINDOWS\system32\PackethSvc.exe [51200 2000-12-07] (America Online, Inc.) [File not signed]
S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2004-03-18] (HP) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2310272 2005-01-28] (Realtek Semiconductor Corp.)
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-17] (Creative)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 AODDriver; C:\Program Files\ASUS\GPU Boost Driver\i386\AODDriver.sys [36864 2010-03-12] (Advanced Micro Devices) [File not signed]
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [11296 2009-08-03] ()
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2015-01-07] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2015-01-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2015-01-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2015-01-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2015-01-07] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2015-01-07] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2015-01-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2015-01-07] ()
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2015-01-12] (REALiX)
R1 itnfd_1_10_0_8; C:\WINDOWS\System32\drivers\itnfd_1_10_0_8.sys [52728 2015-01-21] (Intelli Term)
R0 JRAID; C:\WINDOWS\System32\DRIVERS\jraid.sys [106296 2015-02-16] (JMicron Technology Corp.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [108632 2015-02-16] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-17] (Creative Technology Ltd.)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 MpKsl22395e4f; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1CA72FEF-4A58-43D0-9009-FE9122FE0809}\MpKsl22395e4f.sys [29904 2015-02-16] (Microsoft Corporation)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [79360 2004-06-02] (NVIDIA Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [33280 2004-05-17] (NVIDIA Corporation)
S3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [12928 2004-05-17] (NVIDIA Corporation)
R0 nv_agp; C:\WINDOWS\System32\DRIVERS\nv_agp.sys [21760 2004-04-02] (NVIDIA Corporation)
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R3 wandrv; C:\WINDOWS\System32\DRIVERS\wandrv.sys [22640 2000-12-03] (America Online, Inc.)
S2 11281; \??\C:\DOCUME~1\Curtis\LOCALS~1\Temp\11281.sys [X]
S4 IntelIde; No ImagePath
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [X]
S4 LMIRfsClientNP; No ImagePath
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-04-13] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:53 - 2015-02-16 15:53 - 00000000 ____D () C:\FRST
2015-02-16 15:52 - 2015-02-16 15:52 - 00007072 _____ () C:\WINDOWS\setupapi.log
2015-02-16 15:52 - 2015-02-16 15:52 - 00000000 ____D () C:\WINDOWS\LastGood
2015-02-16 14:39 - 2015-02-16 15:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2015-02-16 14:00 - 2015-02-16 14:02 - 16466552 _____ (Malwarebytes Corp.) C:\Documents and Settings\Matt\Desktop\mbar-1.08.3.1004.exe
2015-02-16 13:45 - 2015-02-16 15:43 - 00000000 ____D () C:\Documents and Settings\Matt\Desktop\mbar
2015-02-16 13:36 - 2015-02-16 13:36 - 00000000 ____D () C:\Documents and Settings\Jane\Desktop\mbar
2015-02-16 13:20 - 2015-02-16 13:20 - 35028992 _____ () C:\WINDOWS\system32\config\software.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 05054464 _____ () C:\WINDOWS\system32\config\default.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iodefrag
2015-02-16 13:20 - 2015-02-16 13:20 - 00000000 _____ () C:\asc_rdflag
2015-02-16 13:17 - 2015-02-16 14:39 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-02-16 09:21 - 2015-02-16 09:21 - 00000529 _____ () C:\Documents and Settings\Jane\Desktop\Shortcut to Alburnett Historical Society.lnk
2015-02-16 07:52 - 2015-02-16 15:46 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-16 07:51 - 2015-02-16 15:46 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-16 07:51 - 2015-02-16 07:51 - 00000000 ____N () C:\WINDOWS\Sti_Trace.log
2015-02-16 07:50 - 2015-02-16 14:15 - 00032454 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-12 15:42 - 2015-02-16 09:53 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Alburnett Historical Society
2015-02-07 09:37 - 2015-02-07 09:40 - 00000000 ____D () C:\Documents and Settings\Jane\Application Data\FreeFileViewer
2015-02-06 08:37 - 2015-02-06 08:37 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\Binkiland
2015-02-06 08:34 - 2015-02-06 08:35 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\FreeFileViewer
2015-02-06 08:34 - 2015-02-06 08:34 - 00000754 _____ () C:\Documents and Settings\Jane\Desktop\FreeFileViewer.lnk
2015-02-06 08:34 - 2015-02-06 08:34 - 00000754 _____ () C:\Documents and Settings\All Users\Start Menu\FreeFileViewer.lnk
2015-02-06 08:34 - 2015-02-06 08:34 - 00000000 ____D () C:\Program Files\FreeFileViewer
2015-02-06 08:34 - 2015-02-06 08:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\FreeFileViewer
2015-02-06 08:31 - 2015-02-06 08:32 - 00000000 ____D () C:\Program Files\IntelliTerm_1.10.0.8
2015-02-02 08:19 - 2015-02-02 08:22 - 00000000 ____D () C:\Documents and Settings\Jane\Application Data\Apple Computer
2015-02-02 08:19 - 2015-02-02 08:19 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Application Data\Apple Computer
2015-01-28 08:16 - 2015-01-28 08:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-21 13:50 - 2015-01-21 13:50 - 00052728 _____ (Intelli Term) C:\WINDOWS\system32\Drivers\itnfd_1_10_0_8.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-16 15:54 - 2007-03-26 14:44 - 00000000 ____D () C:\Documents and Settings\Jane\Local Settings\Temp
2015-02-16 15:52 - 2011-06-22 12:20 - 00106296 _____ (JMicron Technology Corp.) C:\WINDOWS\system32\Drivers\jraid.sys
2015-02-16 15:52 - 2007-03-28 17:02 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2015-02-16 15:52 - 2007-03-26 14:37 - 01220037 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-16 15:51 - 2014-02-21 09:11 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 15:51 - 2014-02-19 12:43 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-02-16 15:48 - 2014-02-19 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData
2015-02-16 15:46 - 2007-03-26 14:43 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-02-16 15:45 - 2015-01-12 10:44 - 00000270 _____ () C:\WINDOWS\Tasks\Driver Booster Update.job
2015-02-16 15:45 - 2015-01-12 10:44 - 00000268 _____ () C:\WINDOWS\Tasks\Driver Booster Scan.job
2015-02-16 15:45 - 2011-06-22 13:04 - 00000000 _____ () C:\Documents and Settings\All Users\Application Data\Gpu.log
2015-02-16 15:44 - 2014-04-18 09:52 - 00000396 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2015-02-16 15:44 - 2014-02-21 09:11 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 15:44 - 2014-02-19 12:43 - 00000270 _____ () C:\WINDOWS\Tasks\ASC7_PerformanceMonitor.job
2015-02-16 15:44 - 2013-01-25 08:24 - 00000342 _____ () C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2015-02-16 15:44 - 2011-07-06 06:57 - 00000268 _____ () C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job
2015-02-16 15:44 - 2007-03-26 14:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-16 15:44 - 2004-08-04 06:00 - 00012652 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-16 15:43 - 2015-01-08 08:31 - 00108632 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-02-16 15:43 - 2007-04-02 15:18 - 00000000 ____D () C:\Documents and Settings\Matt\Local Settings\Temp
2015-02-16 15:38 - 2007-03-26 06:25 - 00522814 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-16 15:36 - 2012-09-03 13:14 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-16 15:35 - 2007-04-02 15:18 - 00000000 ____D () C:\Documents and Settings\Matt
2015-02-16 15:31 - 2007-04-02 15:18 - 00000278 ___SH () C:\Documents and Settings\Matt\ntuser.ini
2015-02-16 14:00 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At4.job
2015-02-16 13:20 - 2014-04-04 07:49 - 35028992 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 05054464 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2015-02-16 13:20 - 2014-04-04 07:49 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak
2015-02-16 13:20 - 2007-03-26 14:44 - 00000000 ____D () C:\Documents and Settings\Jane
2015-02-16 13:20 - 2007-03-26 14:43 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-02-16 13:20 - 2007-03-26 14:43 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-02-16 13:19 - 2007-03-26 14:44 - 00000278 ___SH () C:\Documents and Settings\Jane\ntuser.ini
2015-02-16 13:19 - 2007-03-26 14:43 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2015-02-16 10:53 - 2014-02-08 10:52 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2015-02-16 10:53 - 2014-02-08 10:50 - 00000448 _____ () C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2015-02-16 10:52 - 2014-02-08 10:50 - 00000000 ____D () C:\Program Files\File Type Assistant
2015-02-16 10:50 - 2014-08-22 06:56 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Curtis Meds
2015-02-16 10:10 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At1.job
2015-02-16 09:05 - 2012-02-24 07:07 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\trustee mtg
2015-02-16 09:04 - 2010-01-02 12:15 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Otter Creek Township
2015-02-16 08:09 - 2014-02-19 12:42 - 00001846 _____ () C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 7.lnk
2015-02-16 08:05 - 2014-02-20 08:57 - 35028992 _____ () C:\WINDOWS\system32\config\software.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 05054464 _____ () C:\WINDOWS\system32\config\default.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-02-16 08:05 - 2014-02-20 08:57 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-02-13 15:43 - 2007-03-28 14:30 - 00000278 ___SH () C:\Documents and Settings\Curtis\ntuser.ini
2015-02-13 15:43 - 2007-03-28 14:30 - 00000000 ____D () C:\Documents and Settings\Curtis
2015-02-13 15:29 - 2007-03-28 14:30 - 00000000 ____D () C:\Documents and Settings\Curtis\Local Settings\Temp
2015-02-13 15:27 - 2007-04-01 10:03 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-02-13 15:26 - 2013-11-23 11:31 - 00641024 _____ () C:\Documents and Settings\Curtis\Desktop\VMI 13.xls
2015-02-13 14:50 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At3.job
2015-02-12 16:02 - 2014-08-09 15:19 - 00163328 _____ () C:\Documents and Settings\Jane\Desktop\Otter Creek 2014-15.xls
2015-02-10 08:59 - 2007-04-02 18:26 - 00000037 _____ () C:\WINDOWS\PcMars.Ini
2015-02-06 11:31 - 2007-04-02 18:45 - 00002471 _____ () C:\Documents and Settings\Curtis\Desktop\Microsoft Excel.lnk
2015-02-06 08:57 - 2014-08-27 13:22 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-02-06 08:46 - 2013-10-19 17:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit
2015-02-06 08:37 - 2012-09-03 13:14 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-06 08:37 - 2012-03-11 13:14 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-02-06 08:34 - 2014-02-08 10:50 - 00000000 ____D () C:\Documents and
Settings\Jane\Local Settings\Application Data\FileTypeAssistant 2015-02-06 08:32 - 2015-01-08 08:03 - 00001602 _____ () C:\Documents and Settings\Jane\Desktop\Internet.lnk 2015-02-06 08:32 - 2010-06-13 09:46 - 00000761 _____ () C:\Documents and Settings\Jane\Desktop\Internet Explorer.lnk 2015-01-28 11:04 - 2014-02-21 09:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-26 16:01 - 2013-09-26 08:51 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Transamerica 2015-01-26 07:34 - 2007-04-01 10:03 - 00002429 _____ () C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk ==================== Files in the root of some directories ======= 2007-11-21 20:47 - 2007-11-21 21:33 - 0005632 _____ () C:\Documents and Settings\Jane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-07-26 19:06 - 2010-07-26 19:06 - 0000127 _____ () C:\Documents and Settings\Jane\Local Settings\Application Data\fusioncache.dat Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job Some content of TEMP: ==================== C:\Documents and Settings\Jane\Local Settings\Temp\mpam-e7828fc6.exe C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c2f95a55.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ Second log file Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015 Ran by Jane (administrator) on JANE-A916F8D39A on 16-02-2015 15:53:11 Running from C:\Documents and Settings\Jane\My Documents\Downloads Loaded Profiles: Jane (Available profiles: Jane & Curtis & Matt) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE ( ASUSTeK Computer Inc.) C:\Program Files\ASUS\GPU Boost Driver\GpuBoostServer.exe (RealNetworks, Inc.) 
C:\WINDOWS\system32\Drivers\jraid.sys 2015-02-16 15:52 - 2007-03-28 17:02 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups 2015-02-16 15:52 - 2007-03-26 14:37 - 01220037 _____ () C:\WINDOWS\WindowsUpdate.log 2015-02-16 15:51 - 2014-02-21 09:11 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-16 15:51 - 2014-02-19 12:43 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job 2015-02-16 15:48 - 2014-02-19 12:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ProductData 2015-02-16 15:46 - 2007-03-26 14:43 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp 2015-02-16 15:45 - 2015-01-12 10:44 - 00000270 _____ () C:\WINDOWS\Tasks\Driver Booster Update.job 2015-02-16 15:45 - 2015-01-12 10:44 - 00000268 _____ () C:\WINDOWS\Tasks\Driver Booster Scan.job 2015-02-16 15:45 - 2011-06-22 13:04 - 00000000 _____ () C:\Documents and Settings\All Users\Application Data\Gpu.log 2015-02-16 15:44 - 2014-04-18 09:52 - 00000396 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job 2015-02-16 15:44 - 2014-02-21 09:11 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-16 15:44 - 2014-02-19 12:43 - 00000270 _____ () C:\WINDOWS\Tasks\ASC7_PerformanceMonitor.job 2015-02-16 15:44 - 2013-01-25 08:24 - 00000342 _____ () C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job 2015-02-16 15:44 - 2011-07-06 06:57 - 00000268 _____ () C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job 2015-02-16 15:44 - 2007-03-26 14:43 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-16 15:44 - 2004-08-04 06:00 - 00012652 _____ () C:\WINDOWS\system32\wpa.dbl 2015-02-16 15:43 - 2015-01-08 08:31 - 00108632 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-16 15:43 - 2007-04-02 15:18 - 00000000 ____D () C:\Documents and Settings\Matt\Local Settings\Temp 2015-02-16 15:38 - 2007-03-26 06:25 - 00522814 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-02-16 15:36 - 2012-09-03 13:14 
- 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-02-16 15:35 - 2007-04-02 15:18 - 00000000 ____D () C:\Documents and Settings\Matt 2015-02-16 15:31 - 2007-04-02 15:18 - 00000278 ___SH () C:\Documents and Settings\Matt\ntuser.ini 2015-02-16 14:00 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At4.job 2015-02-16 13:20 - 2014-04-04 07:49 - 35028992 _____ () C:\WINDOWS\system32\config\software.iodefrag.bak 2015-02-16 13:20 - 2014-04-04 07:49 - 05054464 _____ () C:\WINDOWS\system32\config\default.iodefrag.bak 2015-02-16 13:20 - 2014-04-04 07:49 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iodefrag.bak 2015-02-16 13:20 - 2014-04-04 07:49 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iodefrag.bak 2015-02-16 13:20 - 2007-03-26 14:44 - 00000000 ____D () C:\Documents and Settings\Jane 2015-02-16 13:20 - 2007-03-26 14:43 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2015-02-16 13:20 - 2007-03-26 14:43 - 00000000 __SHD () C:\Documents and Settings\LocalService 2015-02-16 13:19 - 2007-03-26 14:44 - 00000278 ___SH () C:\Documents and Settings\Jane\ntuser.ini 2015-02-16 13:19 - 2007-03-26 14:43 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini 2015-02-16 10:53 - 2014-02-08 10:52 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant 2015-02-16 10:53 - 2014-02-08 10:50 - 00000448 _____ () C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job 2015-02-16 10:52 - 2014-02-08 10:50 - 00000000 ____D () C:\Program Files\File Type Assistant 2015-02-16 10:50 - 2014-08-22 06:56 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Curtis Meds 2015-02-16 10:10 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At1.job 2015-02-16 09:05 - 2012-02-24 07:07 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\trustee mtg 2015-02-16 09:04 - 2010-01-02 12:15 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Otter Creek Township 
2015-02-16 08:09 - 2014-02-19 12:42 - 00001846 _____ () C:\Documents and Settings\All Users\Desktop\Advanced SystemCare 7.lnk 2015-02-16 08:05 - 2014-02-20 08:57 - 35028992 _____ () C:\WINDOWS\system32\config\software.iobit 2015-02-16 08:05 - 2014-02-20 08:57 - 05054464 _____ () C:\WINDOWS\system32\config\default.iobit 2015-02-16 08:05 - 2014-02-20 08:57 - 00057344 _____ () C:\WINDOWS\system32\config\SECURITY.iobit 2015-02-16 08:05 - 2014-02-20 08:57 - 00032768 _____ () C:\WINDOWS\system32\config\SAM.iobit 2015-02-13 15:43 - 2007-03-28 14:30 - 00000278 ___SH () C:\Documents and Settings\Curtis\ntuser.ini 2015-02-13 15:43 - 2007-03-28 14:30 - 00000000 ____D () C:\Documents and Settings\Curtis 2015-02-13 15:29 - 2007-03-28 14:30 - 00000000 ____D () C:\Documents and Settings\Curtis\Local Settings\Temp 2015-02-13 15:27 - 2007-04-01 10:03 - 00002479 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk 2015-02-13 15:26 - 2013-11-23 11:31 - 00641024 _____ () C:\Documents and Settings\Curtis\Desktop\VMI 13.xls 2015-02-13 14:50 - 2014-07-07 13:50 - 00000454 _____ () C:\WINDOWS\Tasks\At3.job 2015-02-12 16:02 - 2014-08-09 15:19 - 00163328 _____ () C:\Documents and Settings\Jane\Desktop\Otter Creek 2014-15.xls 2015-02-10 08:59 - 2007-04-02 18:26 - 00000037 _____ () C:\WINDOWS\PcMars.Ini 2015-02-06 11:31 - 2007-04-02 18:45 - 00002471 _____ () C:\Documents and Settings\Curtis\Desktop\Microsoft Excel.lnk 2015-02-06 08:57 - 2014-08-27 13:22 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2015-02-06 08:46 - 2013-10-19 17:12 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\IObit 2015-02-06 08:37 - 2012-09-03 13:14 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-02-06 08:37 - 2012-03-11 13:14 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-02-06 08:34 - 2014-02-08 10:50 - 00000000 ____D () C:\Documents and 
Settings\Jane\Local Settings\Application Data\FileTypeAssistant 2015-02-06 08:32 - 2015-01-08 08:03 - 00001602 _____ () C:\Documents and Settings\Jane\Desktop\Internet.lnk 2015-02-06 08:32 - 2010-06-13 09:46 - 00000761 _____ () C:\Documents and Settings\Jane\Desktop\Internet Explorer.lnk 2015-01-28 11:04 - 2014-02-21 09:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-01-26 16:01 - 2013-09-26 08:51 - 00000000 ____D () C:\Documents and Settings\Jane\My Documents\Transamerica 2015-01-26 07:34 - 2007-04-01 10:03 - 00002429 _____ () C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk ==================== Files in the root of some directories ======= 2007-11-21 20:47 - 2007-11-21 21:33 - 0005632 _____ () C:\Documents and Settings\Jane\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2010-07-26 19:06 - 2010-07-26 19:06 - 0000127 _____ () C:\Documents and Settings\Jane\Local Settings\Application Data\fusioncache.dat Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job Some content of TEMP: ==================== C:\Documents and Settings\Jane\Local Settings\Temp\mpam-e7828fc6.exe C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-c2f95a55.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================ MBAR log Malwarebytes Anti-Rootkit BETA 1.08.3.1004 www.malwarebytes.org Database version: main: v2014.11.18.05 rootkit: v2014.11.12.01 Windows XP Service Pack 3 x86 NTFS (Safe Mode) Internet Explorer 8.0.6001.18702 Matt :: JANE-A916F8D39A [administrator] 2/16/2015 2:39:40 PM mbar-log-2015-02-16 (14-39-40).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged. Objects scanned: 401933 Time elapsed: 31 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKU\S-1-5-21-436374069-1614895754-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot. [0934fd40e29a59ddcbe94e8022e06d93] HKU\S-1-5-21-436374069-1614895754-682003330-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot. [0934fd40e29a59ddcbe94e8022e06d93] HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot. 
[0934fd40e29a59ddcbe94e8022e06d93] Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 6 C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\U (Trojan.Siredef.C) -> Delete on reboot. [380556e7e19b4de9a67c38c941bfb24e] C:\RECYCLER\S-1-5-21-436374069-1614895754-682003330-1003\$dd22bd2f6e4f737edcb1d597cc7a6660\U (Trojan.Siredef.C) -> Delete on reboot. [49f452eb265671c5dd454cb58d731ce4] C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L (Trojan.Siredef.C) -> Delete on reboot. [330a2a137c001125de466e93fe0241bf] C:\RECYCLER\S-1-5-21-436374069-1614895754-682003330-1003\$dd22bd2f6e4f737edcb1d597cc7a6660\L (Trojan.Siredef.C) -> Delete on reboot. [98a599a493e9979f7ca88d74ec14f10f] C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660 (Trojan.Siredef.C) -> Delete on reboot. [c17c2518bebeb97dd55004fd98685aa6] C:\RECYCLER\S-1-5-21-436374069-1614895754-682003330-1003\$dd22bd2f6e4f737edcb1d597cc7a6660 (Trojan.Siredef.C) -> Delete on reboot. [51eccb726c102a0c3fe650b1d12fda26] Files Detected: 6 C:\WINDOWS\SYSTEM32\drivers\acpi.sys (Rootkit.RLoader) -> Replace on reboot. [e8dec5b2a480301cc01e4127b900db4f] C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\@ (Trojan.Siredef.C) -> Delete on reboot. [192419246616d95d75aa3ac797698f71] C:\RECYCLER\S-1-5-21-436374069-1614895754-682003330-1003\$dd22bd2f6e4f737edcb1d597cc7a6660\@ (Trojan.Siredef.C) -> Delete on reboot. [f548b885cdaf62d433ece61b12ee20e0] C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L\00000004.@ (Trojan.Siredef.C) -> Delete on reboot. [fd40a6979ae200366db026db52aef010] C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L\201d3dde (Trojan.Siredef.C) -> Delete on reboot. [d06dcd70adcf1b1b011c8b76cb3514ec] C:\RECYCLER\S-1-5-18\$dd22bd2f6e4f737edcb1d597cc7a6660\L\76603ac3 (Trojan.Siredef.C) -> Delete on reboot. [e657a09d0b716ec84dd0ab5603fdd22e] Physical Sectors Detected: 0 (No malicious items detected) (end)
  2. OK, this is from my phone as I am still working on the PC. I was able to run Farbar. But so far, every time I attempt to run MBAR other than in safe mode, it causes a reboot of the system. Any thoughts about what to do?
  3. So somehow my office PC got Binkiland on it, and after reading TwoHeadedEagle's posts I downloaded MBAR. The problem was that every time I tried to run it, the PC would restart. I restarted in safe mode and have been able to run MBAR. I'll post the results.