Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-11-2015
Ran by Owner (administrator) on BACK_BEDROOM (24-11-2015 18:33:00)
Running from C:\
Loaded Profiles: Owner (Available Profiles: Owner & Steve & Sara)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Creative Technology Ltd) C:\WINDOWS\system32\CTsvcCDA.EXE
(Boingo Wireless, Inc.) C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
(LogMeIn, Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe
(Microsoft Corporation) C:\WINDOWS\system32\MsPMSPSv.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Broadcom Corporation) C:\WINDOWS\BCMSMMSG.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd.exe
(Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
(RealNetworks, Inc.) C:\Program Files\Common Files\Real\Update_OB\realsched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Logitech Inc.) C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
(Microsoft Corp.) C:\Program Files\Microsoft Money\System\mnyexpr.exe
(LogMeIn, Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\lmi_rescue.exe
(EarthLink, Inc.) C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
(HP) C:\WINDOWS\system32\hpzipm12.exe
(LogMeIn, Inc.) C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe
(??????????? ???????????, 2007-2015) C:\avz4\avz.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Utility] => C:\WINDOWS\Logi_MwX.Exe [19968 2003-05-16] (Logitech Inc.)
HKLM\...\Run: [diagent] => C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe [135264 2002-04-03] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [dla] => C:\WINDOWS\system32\dla\tfswctrl.exe [114741 2003-08-06] (Sonic Solutions)
HKLM\...\Run: [StorageGuard] => C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [155648 2003-02-13] (Sonic Solutions)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [BCMSMMSG] => C:\WINDOWS\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd.exe [49152 2003-06-25] (Hewlett-Packard)
HKLM\...\Run: [HP Component Manager] => C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [241664 2004-05-12] (Hewlett-Packard Company)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Common Files\Real\Update_OB\realsched.exe [185872 2008-12-07] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [998104 2015-07-07] (Adobe Systems Incorporated)
HKLM\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [840264 2015-11-20] (Webroot)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2003-10-02] (Intel Corporation)
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Run: [MoneyAgent] => C:\Program Files\Microsoft Money\System\mnyexpr.exe [200704 2003-06-18] (Microsoft Corp.)
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Run: [NBJ] => C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [1961984 2005-10-11] (Ahead Software AG)
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Run: [E6TaskPanel] => C:\Program Files\EarthLink TotalAccess\TaskPanl.exe [942080 2005-09-01] (EarthLink, Inc.)
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\RunOnce: [*LogMeInRescue_301236020] => C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\lmi_rescue.exe [3983120 2015-11-24] (LogMeIn, Inc.)
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-583907252-412668190-839522115-1003\...\MountPoints2: {99c71520-566d-11e0-a613-000d565d02cf} - G:\LaunchU3.exe
HKU\S-1-5-21-583907252-412668190-839522115-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\rkill.scr [2019656 2015-11-24] (Bleeping Computer, LLC)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2008-11-02]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-11-20]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-583907252-412668190-839522115-1003] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{004D185E-55F2-4585-8104-6EBAA6426454}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.earthlink.net/partner/more/msie/button/search.html
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.earthlink.net/partner/more/msie/button/search.html
HKU\S-1-5-21-583907252-412668190-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.earthlink.net
HKU\S-1-5-21-583907252-412668190-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.earthlink.net/partner/more/msie/button/search.html
HKU\S-1-5-21-583907252-412668190-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://start.earthlink.net/AL/Search
URLSearchHook: [S-1-5-21-583907252-412668190-839522115-1003] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-583907252-412668190-839522115-1003 - SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
SearchScopes: HKLM -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-412668190-839522115-1003 -> DefaultScope {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
SearchScopes: HKU\S-1-5-21-583907252-412668190-839522115-1003 -> {65A95FBF-F5AC-44fa-8112-5C493C4DE412} URL = hxxp://eimg.net/sw/toolbar/4/2/rd601.html?area=earthlink-ws-altsearchbox&channel=elnkdsearch&q={searchTerms}
BHO: ElnkPubBHO Class -> {512ACF1B-64D9-4928-B382-A80556F28DB4} -> C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPub.dll [2011-02-15] (EarthLink, Inc.)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2003-08-06] (Sonic Solutions)
BHO: IE_PopupBlocker Class -> {656EC4B7-072B-4698-B504-2A414C1F0037} -> C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll [2005-02-02] (Propel Software Corporation)
BHO: ElnkProtectionBHO Class -> {9579D574-D4D8-4335-9560-FE8641A013BD} -> C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll [2011-02-15] (EarthLink, Inc.)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-11-03] (Webroot)
BHO: ElnkLegacyUninstBHO Class -> {E713904C-DF05-4C79-BBAD-02DB923253BE} -> C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll [2011-02-15] (EarthLink, Inc.)
BHO: No Name -> {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -> No File
Toolbar: HKLM - EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll [2011-02-15] (EarthLink, Inc.)
Toolbar: HKU\.DEFAULT -> EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll [2011-02-15] (EarthLink, Inc.)
Toolbar: HKU\S-1-5-21-583907252-412668190-839522115-1003 -> EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll [2011-02-15] (EarthLink, Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll [2004-05-12] (Hewlett-Packard Company)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhhq5a12.default-1445476553906
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2008-10-16] (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2008-12-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.3.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2008-12-07] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2008-12-07] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-08-03] (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhhq5a12.default-1445476553906\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [not found]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-18] [not signed]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\Documents and Settings\All Users\Application Data\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\Documents and Settings\All Users\Application Data\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-11-03]

Chrome:
=======
CHR HomePage: Default -> hxxp://my.earthlink.net/
CHR Profile: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Gmail) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 EarthLinkMonitor; C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe [65604 2005-01-26] (Boingo Wireless, Inc.) [File not signed]
R2 LMIRescue_87e80eba-8d8b-4821-8b6e-ed336cba6a6a; C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0006.tmp\LMI_Rescue_srv.exe [3983120 2015-11-24] (LogMeIn, Inc.)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [114800 2015-06-27] (Mozilla Foundation) [File not signed]
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [840264 2015-11-20] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S3 bvrp_pci; C:\WINDOWS\System32\drivers\bvrp_pci.sys [4272 2003-08-28] () [File not signed]
S3 BW2NDIS5; C:\WINDOWS\System32\Drivers\BW2NDIS5.sys [17536 2004-11-01] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [84576 2003-07-31] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions) [File not signed]
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [51056 2003-08-11] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2003-08-11] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21488 2003-08-11] (HP)
R3 L8042pr2; C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys [53869 2003-05-16] (Logitech, Inc.)
R1 OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [13632 2001-08-22] (Dell Computer Corporation) [File not signed]
R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1296384 2003-08-14] (Creative Technology Ltd.)
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions) [File not signed]
U3 uti0odaz; C:\WINDOWS\system32\Drivers\uti0odaz.sys [7168 2015-11-24] () [File not signed]
R0 WRkrn; C:\WINDOWS\System32\drivers\WRkrn.sys [119288 2015-10-14] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [25600 2015-11-03] (Webroot) [File not signed]
R3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\WINDOWS\System32\drivers\ialmsbw.sys [120830 2003-10-08] (Intel Corporation)
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\WINDOWS\System32\drivers\ialmkchw.sys [98842 2003-10-08] (Intel Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-24 18:20 - 2015-11-24 18:33 - 00000000 ____D C:\avz4
2015-11-24 17:35 - 2015-11-24 17:35 - 00002684 _____ C:\FSS.txt
2015-11-24 17:35 - 2015-11-24 17:26 - 00415744 _____ (Farbar) C:\FSS.exe
2015-11-24 14:58 - 2015-11-24 14:54 - 02019656 _____ (Bleeping Computer, LLC) C:\rkill.scr
2015-11-24 14:58 - 2015-11-24 14:54 - 02019656 _____ (Bleeping Computer, LLC) C:\rkill.com
2015-11-24 14:57 - 2015-11-24 14:53 - 02019656 _____ (Bleeping Computer, LLC) C:\WiNlOgOn.exe
2015-11-24 14:57 - 2015-11-24 14:53 - 02019656 _____ (Bleeping Computer, LLC) C:\uSeRiNiT.exe
2015-11-24 14:17 - 2014-09-11 03:57 - 02480312 _____ (Sysinternals - www.sysinternals.com) C:\procexp.exe
2015-11-24 14:12 - 2006-11-01 15:07 - 00334720 _____ (Sysinternals - www.sysinternals.com) C:\RootkitRevealer.exe
2015-11-24 14:08 - 2015-11-24 14:04 - 00783640 _____ (McAfee, Inc.) C:\rootkitremover.exe
2015-11-24 13:18 - 2015-11-23 19:54 - 00380416 _____ C:\ob8gj0dk.exe
2015-11-24 13:11 - 2015-11-24 13:11 - 00000512 _____ C:\MBRDUMP.txt
2015-11-23 22:03 - 2015-11-23 22:04 - 00023246 _____ C:\Addition.txt
2015-11-23 21:58 - 2008-04-13 13:36 - 00014208 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\battc.sys
2015-11-23 21:58 - 2001-08-17 14:56 - 00342336 ____C (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.dll
2015-11-23 21:58 - 2001-08-17 12:48 - 00036128 ____C (3Dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\banshee.sys
2015-11-23 21:58 - 2001-08-17 12:19 - 00036992 ____C (Aztech Systems Ltd) C:\WINDOWS\system32\dllcache\aztw2320.sys
2015-11-23 21:58 - 2001-08-17 12:13 - 00089952 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\b1cbase.sys
2015-11-23 21:58 - 2001-08-17 12:13 - 00037568 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmwan.sys
2015-11-23 21:58 - 2001-08-17 12:11 - 00096640 ____C (Broadcom Corporation) C:\WINDOWS\system32\dllcache\b57xp32.sys
2015-11-23 21:57 - 2015-11-24 18:34 - 00029231 _____ C:\FRST.txt
2015-11-23 21:57 - 2008-04-13 13:46 - 00038912 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avc.sys
2015-11-23 21:57 - 2008-04-13 13:46 - 00013696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcstrm.sys
2015-11-23 21:57 - 2002-08-29 01:59 - 00036224 ____C (ADMtek Incorporated.) C:\WINDOWS\system32\dllcache\an983.sys
2015-11-23 21:57 - 2001-08-17 22:37 - 00024576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\agcgauge.ax
2015-11-23 21:57 - 2001-08-17 22:36 - 00144384 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmenum.dll
2015-11-23 21:57 - 2001-08-17 22:36 - 00087552 ____C (AVM GmbH) C:\WINDOWS\system32\dllcache\avmcoxp.dll
2015-11-23 21:57 - 2001-08-17 22:36 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\atievxx.exe
2015-11-23 21:57 - 2001-08-17 14:56 - 00268160 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidvai.dll
2015-11-23 21:57 - 2001-08-17 14:56 - 00137216 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrae.dll
2015-11-23 21:57 - 2001-08-17 14:56 - 00104832 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiraged.dll
2015-11-23 21:57 - 2001-08-17 14:55 - 00382592 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atidrab.dll
2015-11-23 21:57 - 2001-08-17 14:55 - 00096128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ati.dll
2015-11-23 21:57 - 2001-08-17 14:07 - 00056960 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aic78xx.sys
2015-11-23 21:57 - 2001-08-17 14:07 - 00055168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aic78u2.sys
2015-11-23 21:57 - 2001-08-17 14:01 - 00036096 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avcaudio.sys
2015-11-23 21:57 - 2001-08-17 13:57 - 00077568 ____C (ATI Technologies, Inc.) C:\WINDOWS\system32\dllcache\ati.sys
2015-11-23 21:57 - 2001-08-17 13:52 - 00026496 ____C (Advanced System Products, Inc.) C:\WINDOWS\system32\dllcache\asc.sys
2015-11-23 21:57 - 2001-08-17 13:52 - 00022400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\asc3350p.sys
2015-11-23 21:57 - 2001-08-17 13:52 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aha154x.sys
2015-11-23 21:57 - 2001-08-17 13:52 - 00012032 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\amsint.sys
2015-11-23 21:57 - 2001-08-17 13:51 - 00014848 ____C (Advanced System Products, Inc.) C:\WINDOWS\system32\dllcache\asc3550.sys
2015-11-23 21:57 - 2001-08-17 13:51 - 00005248 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\aliide.sys
2015-11-23 21:57 - 2001-08-17 13:49 - 00026624 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\alifir.sys
2015-11-23 21:57 - 2001-08-17 13:47 - 00006272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\apmbatt.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00075136 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpae.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00049920 ____C C:\WINDOWS\system32\dllcache\atirtcap.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00046464 ____C C:\WINDOWS\system32\dllcache\atibt829.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00026880 ____C C:\WINDOWS\system32\dllcache\atirtsnd.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00026624 ____C C:\WINDOWS\system32\dllcache\ativxbar.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00023552 ____C C:\WINDOWS\system32\dllcache\atixbar.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00019456 ____C C:\WINDOWS\system32\dllcache\ativttxx.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00017152 ____C C:\WINDOWS\system32\dllcache\atitvsnd.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00017152 ____C C:\WINDOWS\system32\dllcache\atitunep.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00010240 ____C C:\WINDOWS\system32\dllcache\atipcxxx.sys
2015-11-23 21:57 - 2001-08-17 12:49 - 00009472 ____C C:\WINDOWS\system32\dllcache\ativmdcd.sys
2015-11-23 21:57 - 2001-08-17 12:48 - 00289664 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimpab.sys
2015-11-23 21:57 - 2001-08-17 12:48 - 00281600 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atimtai.sys
2015-11-23 21:57 - 2001-08-17 12:48 - 00070528 ____C (ATI Technologies Inc.) C:\WINDOWS\system32\dllcache\atiragem.sys
2015-11-23 21:57 - 2001-08-17 12:12 - 00097354 ____C (Bay Networks, Inc.) C:\WINDOWS\system32\dllcache\aspndis3.sys
2015-11-23 21:57 - 2001-08-17 12:11 - 00027678 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ali5261.sys
2015-11-23 21:57 - 2001-08-17 12:11 - 00016969 ____C (AmbiCom, Inc.)
C:\WINDOWS\system32\dllcache\amb8002.sys 2015-11-23 21:56 - 2015-11-23 21:56 - 01718784 _____ (Farbar) C:\FRST.exe 2015-11-23 21:56 - 2008-04-13 13:46 - 00053376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394bus.sys 2015-11-23 21:56 - 2008-04-13 13:46 - 00048128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\61883.sys 2015-11-23 21:56 - 2008-04-13 13:40 - 00012288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\4mmdat.sys 2015-11-23 21:56 - 2002-08-29 02:00 - 00231552 ____C (Acer Laboratories Inc.) C:\WINDOWS\system32\dllcache\ac97ali.sys 2015-11-23 21:56 - 2002-08-29 02:00 - 00084480 ____C (VIA Technologies, Inc.) C:\WINDOWS\system32\dllcache\ac97via.sys 2015-11-23 21:56 - 2002-08-29 02:00 - 00010880 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\admjoy.sys 2015-11-23 21:56 - 2001-08-17 22:36 - 00462848 ____C (Aureal Inc.) C:\WINDOWS\system32\dllcache\a3dapi.dll 2015-11-23 21:56 - 2001-08-17 22:36 - 00061440 ____C (Color Flatbed Scanner) C:\WINDOWS\system32\dllcache\acerscad.dll 2015-11-23 21:56 - 2001-08-17 14:55 - 00689216 ____C (3dfx Interactive, Inc.) C:\WINDOWS\system32\dllcache\3dfxvs.dll 2015-11-23 21:56 - 2001-08-17 14:55 - 00038400 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\8514a.dll 2015-11-23 21:56 - 2001-08-17 14:07 - 00101888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adpu160m.sys 2015-11-23 21:56 - 2001-08-17 14:06 - 00011264 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\1394vdbg.sys 2015-11-23 21:56 - 2001-08-17 13:53 - 00007424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\adicvls.sys 2015-11-23 21:56 - 2001-08-17 13:52 - 00023552 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\abp480n5.sys 2015-11-23 21:56 - 2001-08-17 13:28 - 00762780 ____C (3Com, Inc.) C:\WINDOWS\system32\dllcache\3cwmcru.sys 2015-11-23 21:56 - 2001-08-17 12:48 - 00148352 ____C (3dfx Interactive, Inc.) 
C:\WINDOWS\system32\dllcache\3dfxvsm.sys 2015-11-23 21:56 - 2001-08-17 12:20 - 00297728 ____C (Silicon Integrated Systems Corp.) C:\WINDOWS\system32\dllcache\ac97sis.sys 2015-11-23 21:56 - 2001-08-17 12:20 - 00096256 ____C (Intel Corporation) C:\WINDOWS\system32\dllcache\ac97intc.sys 2015-11-23 21:56 - 2001-08-17 12:19 - 00747392 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8830.sys 2015-11-23 21:56 - 2001-08-17 12:19 - 00584448 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8810.sys 2015-11-23 21:56 - 2001-08-17 12:19 - 00553984 ____C (Aureal, Inc.) C:\WINDOWS\system32\dllcache\adm8820.sys 2015-11-23 21:56 - 2001-08-17 12:11 - 00046112 ____C (Adaptec, Inc ) C:\WINDOWS\system32\dllcache\adptsf50.sys 2015-11-23 21:56 - 2001-08-17 12:11 - 00020160 ____C (ADMtek Incorporated) C:\WINDOWS\system32\dllcache\adm8511.sys 2015-11-23 21:55 - 2001-08-17 14:56 - 00066048 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\s3legacy.dll 2015-11-23 21:54 - 2015-11-23 19:57 - 04397752 _____ (Kaspersky Lab ZAO) C:\ob9.exe 2015-11-23 21:52 - 2015-11-09 22:00 - 18979400 _____ C:\1293478.exe 2015-11-23 21:52 - 2012-02-01 10:52 - 00472064 _____ ( ) C:\RootRepeal.exe 2015-11-23 21:38 - 2015-11-23 21:42 - 00000000 ____D C:\AdwCleaner 2015-11-23 21:21 - 2015-11-23 21:21 - 00000000 ____D C:\Qoobox 2015-11-23 21:20 - 2015-11-24 14:59 - 00000000 ___SD C:\32788R22FWJFW 2015-11-23 21:20 - 2015-11-23 21:20 - 00000000 ____D C:\WINDOWS\erdnt 2015-11-23 21:20 - 2015-11-23 21:16 - 01733632 _____ C:\AdwCleaner.exe 2015-11-23 21:20 - 2015-11-23 21:16 - 01599080 _____ (Malwarebytes) C:\JRT.exe 2015-11-23 21:20 - 2015-11-23 21:15 - 05640282 ____R (Swearware) C:\ComboFix.exe 2015-11-23 21:18 - 2015-09-16 17:24 - 02019656 _____ (Bleeping Computer, LLC) C:\rkill.exe 2015-11-23 19:48 - 2015-11-23 19:48 - 22908888 _____ (Malwarebytes ) C:\Documents and Settings\Owner\Desktop\mbam-setup-2.2.0.1024 (1).exe 2015-11-23 19:22 - 2015-11-23 19:22 - 01419608 _____ C:\WINDOWS\system32\321.log 
2015-11-23 19:21 - 2015-11-24 18:33 - 00000000 ____D C:\FRST 2015-11-23 19:21 - 2015-11-23 21:56 - 00000000 ____D C:\FRST-OlderVersion 2015-11-23 19:19 - 2015-11-23 19:19 - 22908888 _____ (Malwarebytes ) C:\Documents and Settings\Owner\Desktop\mbam-setup-2.2.0.1024.exe 2015-11-23 19:17 - 2015-11-23 19:17 - 00000654 _____ C:\Documents and Settings\Owner\Desktop\Shortcut to recuva.exe.lnk 2015-11-23 19:17 - 2015-04-08 11:23 - 03888920 _____ (Piriform Ltd) C:\Documents and Settings\Owner\Desktop\recuva.exe 2015-11-23 19:00 - 2015-11-23 19:12 - 00000000 ____D C:\Program Files\Recuva 2015-11-23 18:45 - 2015-11-24 12:26 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\LogMeIn Rescue Applet 2015-11-20 19:38 - 2015-11-20 20:02 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro 2015-11-20 11:15 - 2015-11-20 11:18 - 00000000 ____D C:\Program Files\Microsoft Photo Editor 2015-11-20 11:15 - 2015-11-20 11:15 - 00000693 _____ C:\Documents and Settings\All Users\Desktop\Microsoft Photo Editor.lnk 2015-11-20 11:15 - 2015-11-20 11:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Photo Editor 2015-11-20 10:20 - 2015-11-20 10:20 - 00001978 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk 2015-11-20 10:20 - 2015-11-20 10:20 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Small Business Tools 2015-11-20 10:18 - 2015-11-20 10:18 - 00000000 ____D C:\Program Files\Snapshot Viewer 2015-11-20 10:10 - 2015-11-21 20:03 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk 2015-11-20 10:10 - 2015-11-20 10:10 - 00002046 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk 2015-11-20 10:10 - 2015-11-20 10:10 - 00002030 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk 2015-11-20 10:10 - 2015-11-20 10:10 - 00002002 _____ 
C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk 2015-11-20 10:10 - 2015-11-20 10:10 - 00002002 _____ C:\Documents and Settings\All Users\Start Menu\Open Office Document.lnk 2015-11-20 10:10 - 2015-11-20 10:10 - 00001992 _____ C:\Documents and Settings\All Users\Start Menu\New Office Document.lnk 2015-11-20 10:10 - 2015-11-20 10:10 - 00001990 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk 2015-11-20 10:10 - 2015-11-20 10:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools 2015-11-20 10:09 - 2015-11-20 10:19 - 00000000 ____D C:\WINDOWS\ShellNew 2015-11-20 10:09 - 2015-11-20 10:09 - 00000000 ____D C:\Program Files\Common Files\Designer 2015-11-20 10:08 - 2015-11-20 10:19 - 00000000 ____D C:\Program Files\Microsoft Office 2015-10-27 20:33 - 2015-10-27 20:33 - 00000000 ____D C:\Program Files\Common Files\Apple 2015-10-27 20:32 - 2015-10-27 20:32 - 00001604 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk 2015-10-27 20:32 - 2015-10-27 20:32 - 00000000 ____D C:\Program Files\QuickTime 2015-10-27 20:32 - 2015-10-27 20:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime 2015-10-27 20:19 - 2015-10-27 20:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple 2015-10-22 22:08 - 2015-10-22 22:09 - 00111307 _____ C:\Documents and Settings\Owner\My Documents\securedoc_20151022T130953.html 2015-10-21 20:16 - 2015-11-23 19:14 - 00000000 ____D C:\Documents and Settings\Owner\Desktop\Old Firefox Data 2015-10-02 20:29 - 2015-11-23 19:14 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\The Buckeye Hosteler ==================== Three Months Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-11-24 18:34 - 2008-11-01 13:21 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Temp 2015-11-24 17:44 - 2008-11-03 01:25 - 01831503 _____ C:\WINDOWS\WindowsUpdate.log 2015-11-24 15:28 - 2012-02-08 22:51 - 00000617 _____ C:\Documents and Settings\All Users\Desktop\Webroot SecureAnywhere.lnk 2015-11-24 15:28 - 2008-11-01 13:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-11-24 15:28 - 2008-10-31 19:11 - 00000159 _____ C:\WINDOWS\wiadebug.log 2015-11-24 15:28 - 2008-10-31 19:11 - 00000050 _____ C:\WINDOWS\wiaservc.log 2015-11-24 15:25 - 2008-11-01 13:21 - 00000178 ___SH C:\Documents and Settings\Owner\ntuser.ini 2015-11-24 15:25 - 2008-11-01 13:20 - 00032418 _____ C:\WINDOWS\SchedLgU.Txt 2015-11-24 04:05 - 2012-02-08 22:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\WRData 2015-11-23 22:22 - 2008-11-02 22:04 - 00000116 _____ C:\WINDOWS\NeroDigital.ini 2015-11-23 22:14 - 2008-11-01 13:20 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp 2015-11-23 21:58 - 2013-04-28 02:02 - 00102376 ____C C:\WINDOWS\setupapi.log 2015-11-23 21:42 - 2008-11-04 07:03 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Yahoo! 
2015-11-23 19:45 - 2015-03-03 21:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\QufpeTbexe 2015-11-23 19:43 - 2003-07-16 15:53 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2015-11-23 19:14 - 2015-01-04 14:37 - 00000000 ____D C:\Documents and Settings\Sara\Application Data\pdf995 2015-11-23 19:14 - 2014-12-16 21:27 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\3D Graffiti 2015-11-23 19:14 - 2014-09-12 15:58 - 00000000 ____D C:\Documents and Settings\Sara\Local Settings\Application Data\Google 2015-11-23 19:14 - 2014-09-12 15:58 - 00000000 ____D C:\Documents and Settings\Sara 2015-11-23 19:14 - 2014-05-09 21:37 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Mozilla 2015-11-23 19:14 - 2014-04-27 18:21 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Google 2015-11-23 19:14 - 2013-11-19 20:52 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Girls on Bikes 2015-11-23 19:14 - 2013-05-04 23:51 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\D Drive stuff 2015-11-23 19:14 - 2012-07-18 21:48 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Divorce Stuff 2015-11-23 19:14 - 2012-07-17 21:44 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\CB250 Nighthawk Info 2015-11-23 19:14 - 2011-03-24 18:25 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Malwarebytes 2015-11-23 19:14 - 2010-12-13 22:04 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Stuff For Sale 2015-11-23 19:14 - 2010-07-11 00:36 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\My Scans 2015-11-23 19:14 - 2010-07-11 00:36 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\HP 2015-11-23 19:14 - 2009-11-24 18:23 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Subaru_Legacy_Parts_manuals 2015-11-23 19:14 - 2009-04-05 14:47 - 00000000 ____D C:\Documents and Settings\Owner\Application 
Data\pdf995 2015-11-23 19:14 - 2009-03-12 19:46 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\TaxCut 2015-11-23 19:14 - 2009-03-12 19:43 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\TaxCut 2015-11-23 19:14 - 2009-02-20 22:24 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Porn 2015-11-23 19:14 - 2009-01-31 21:54 - 00000000 ____D C:\Documents and Settings\Owner\My Documents\Symantec 2015-11-23 19:14 - 2008-12-07 11:59 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Real 2015-11-23 19:14 - 2008-11-04 23:22 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Ahead 2015-11-23 19:14 - 2008-11-03 22:15 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Adobe 2015-11-23 19:14 - 2008-11-02 23:35 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Earthlink 2015-11-23 19:14 - 2008-11-02 21:10 - 00000000 ____D C:\Documents and Settings\Steve 2015-11-23 19:14 - 2008-11-01 13:21 - 00000000 ____D C:\Documents and Settings\Owner 2015-11-23 19:14 - 2008-11-01 13:20 - 00000000 __SHD C:\Documents and Settings\LocalService 2015-11-23 19:14 - 2008-11-01 13:11 - 00000000 __SHD C:\Documents and Settings\All Users\DRM 2015-11-23 19:13 - 2012-08-26 09:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\DivX 2015-11-23 19:13 - 2011-03-24 18:25 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2015-11-23 19:13 - 2010-09-18 11:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\webroot 2015-11-23 19:13 - 2009-02-13 19:47 - 00000000 ____D C:\cabs 2015-11-23 19:13 - 2009-01-31 21:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Norton 2015-11-23 19:13 - 2008-11-08 17:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SBT 2015-11-23 19:13 - 2008-11-02 21:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Creative 2015-11-23 19:13 - 2008-11-01 
13:17 - 00000000 ____D C:\DELL 2015-11-21 22:11 - 2008-11-05 20:18 - 00000000 ____D C:\Program Files\Microsoft Money 2015-11-20 12:21 - 2010-06-08 20:51 - 00000000 ____D C:\Documents and Settings\Owner\Local Settings\Application Data\Help 2015-11-20 12:21 - 2008-10-31 19:08 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2015-11-20 12:21 - 2008-10-31 19:03 - 00000000 ____D C:\WINDOWS\system 2015-11-20 10:20 - 2008-11-02 23:30 - 00000453 ____C C:\WINDOWS\ODBC.INI 2015-11-20 10:18 - 2008-11-01 13:17 - 00000000 ____D C:\Program Files\microsoft frontpage 2015-11-20 10:18 - 2008-11-01 13:10 - 00000000 ____D C:\Program Files\Common Files\System 2015-11-20 10:10 - 2003-07-16 15:51 - 00000716 _____ C:\WINDOWS\win.ini 2015-11-20 10:09 - 2008-10-31 19:03 - 00000000 ____D C:\WINDOWS\Media 2015-11-20 08:16 - 2012-02-08 22:51 - 00172328 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll 2015-11-17 23:01 - 2008-11-01 13:43 - 00138240 _____ C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-11-16 22:45 - 2008-11-02 20:57 - 00373861 _____ C:\WINDOWS\wmsetup.log 2015-11-13 20:32 - 2013-08-15 02:03 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-11-13 20:08 - 2008-11-02 23:25 - 143250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-11-12 04:28 - 2014-04-27 18:26 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2015-11-10 19:32 - 2015-04-15 02:33 - 04699336 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe 2015-11-10 19:32 - 2012-04-25 20:54 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2015-11-10 19:32 - 2012-01-24 20:26 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-11-05 20:22 - 2011-11-01 20:36 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\vlc 2015-11-03 22:15 - 2015-02-26 07:49 - 00025600 ____T (Webroot) 
C:\WINDOWS\system32\Drivers\wrUrlFlt.sys 2015-11-01 21:48 - 2008-10-31 19:08 - 00522814 ____C C:\WINDOWS\system32\PerfStringBackup.INI 2015-10-28 21:30 - 2008-11-23 18:45 - 00000000 ____D C:\Documents and Settings\Owner\Application Data\Apple Computer 2015-10-28 21:28 - 2008-11-23 18:40 - 00000000 ____D C:\Program Files\Apple Software Update 2015-10-27 20:31 - 2008-11-23 18:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer 2015-10-27 20:19 - 2008-11-23 18:40 - 00001830 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk ==================== Files in the root of some directories ======= 2014-04-27 18:21 - 2014-04-27 18:21 - 0000000 ____C () C:\Program Files\GUM6F.tmp 2008-11-01 13:43 - 2015-11-17 23:01 - 0138240 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2008-11-05 19:08 - 2008-11-05 19:08 - 0000128 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat 2015-06-29 22:04 - 2015-06-29 22:04 - 0000600 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND 2010-10-05 17:15 - 2010-11-01 19:14 - 0001940 ____C () C:\Documents and Settings\Owner\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini Some files in TEMP: ==================== C:\Documents and Settings\Owner\Local Settings\Temp\sqlite3.dll C:\Documents and Settings\Steve\Local Settings\Temp\BandooV3.exe C:\Documents and Settings\Steve\Local Settings\Temp\flvplayer_setup.exe C:\Documents and Settings\Steve\Local Settings\Temp\vlc-1.1.11-win32.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================