Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-01-2015
Ran by Travis P. Verrett (administrator) on TRAVIS (08-01-2016 15:42:21)
Running from C:\Documents and Settings\Travis P. Verrett\Desktop
Loaded Profiles: Travis P. Verrett & Tesha M. Verrett (Available Profiles: Travis P. Verrett & Tesha M. Verrett)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
() C:\Program Files\AVG Secure Search\vprot.exe
(iolo technologies, LLC) C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(GIGABYTE TECHNOLOGY CO., LTD.) C:\Program Files\Gigabyte\Common\GNConfig.exe
(Google Inc.) C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Phoenix Technologies Ltd.) C:\WINDOWS\system32\PhnxCDSvr.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\19.1.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\19.1.0\loggingserver.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [20145368 2013-06-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2573712 2015-12-12] ()
HKLM\...\Run: [ioloGovernor] => C:\Program Files\iolo\System Mechanic\ioloGovernor.exe [975272 2015-12-09] (iolo technologies, LLC)
HKLM\...\Run: [VerizonCloud] => C:\Program Files\Verizon\Verizon Cloud\VerizonCloud.exe [2134168 2015-11-24] ()
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2006-04-04] (ATI Technologies Inc.)
Winlogon\Notify\TPSvc: TPSvc.dll [X]
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\GPhotos.scr [4435968 2012-03-22] (Google Inc.)
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\GPhotos.scr [4435968 2012-03-22] (Google Inc.)
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\Run: [TBHostSupport] => "C:\WINDOWS\system32\Rundll32.exe" "C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\Run: [Google Update] => C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\Run: [HLBackupScheduler] => C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe [7065224 2012-08-20] ()
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\Run: [SynchronossPC] => C:\Program Files\Verizon\Verizon Cloud\VerizonCloud.exe [2134168 2015-11-24] ()
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x95000000
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\MountPoints2: {caa7898e-1033-11e0-981f-0016e6354cc5} - E:\KODAK_Software_Downloader.exe
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\MountPoints2: {e7da65b6-a704-11e2-9b98-0016e6354cc5} - E:\setup.exe -a
HKU\S-1-5-21-4224252993-2327142291-3998364205-1007\...\MountPoints2: C - C:\setup.exe
HKU\S-1-5-21-4224252993-2327142291-3998364205-1007\...\MountPoints2: {1d073e48-901a-11db-a13d-806d6172696f} - C:\setup.exe
HKU\S-1-5-21-4224252993-2327142291-3998364205-1007\...\MountPoints2: {7426675d-6f1e-11db-b368-806d6172696f} - C:\setup.exe
HKU\S-1-5-21-4224252993-2327142291-3998364205-1007\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\GPhotos.scr [4435968 2012-03-22] (Google Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x86\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x86\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x86\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x86\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Gigabyte Wireless Utility.lnk [2013-04-07]
ShortcutTarget: Gigabyte Wireless Utility.lnk -> C:\Program Files\Gigabyte\Common\GNConfig.exe (GIGABYTE TECHNOLOGY CO., LTD.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-01-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
Startup: C:\Documents and Settings\Travis P. Verrett\Start Menu\Programs\Startup\SystweakDisabled [2014-01-10] ()
BootExecute: "autocheck autochk * "

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{FE7E2842-180C-4EFB-A323-C32B0F61E923}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130967596449843750&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\Software\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.yahoo.com/?fr=fp-yie8
HKU\S-1-5-21-4224252993-2327142291-3998364205-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130967596450937500&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-4224252993-2327142291-3998364205-1007\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4224252993-2327142291-3998364205-1007\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
HKU\S-1-5-21-4224252993-2327142291-3998364205-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
URLSearchHook: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=2481843434744400&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=883&systemid=2&apn_dtid=IME002&apn_ptnrs=AG2&o=APN10641&apn_uid=3474105202154193&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> DefaultScope {08259EEB-C9C4-424D-A5FB-609F06DC02E5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> {08259EEB-C9C4-424D-A5FB-609F06DC02E5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> {62A8A9DB-8F9C-4A67-AF75-5A2603907281} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} URL =
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL =
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> {EEE9C612-31B1-4E7D-9196-8807A2FFF513} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3300025&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> {0895C1F5-D183-42F4-AAA1-C55E5E18CC48} URL = hxxp://delicious.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> {3F001DE1-EEF0-4851-B4A7-4737EB33825E} URL = hxxp://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> {56256A51-B582-467e-B8D4-7786EDA79AE0} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=gDNqYEZDAUedIUiDGcr3EA&url=hxxp://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> {BF81F992-3763-4664-A87C-961176D8568E} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> {C3595406-67A7-45D7-B6D0-BE6F201A7EE6} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> {E46774EB-D93A-4771-841D-222A9D740103} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll [2013-08-07] (Yahoo! Inc.)
BHO: Protect My Choices (Beta) -> {3DFCDCA1-AEAC-4302-A690-BFB683568BAA} -> C:\Program Files\DigitalAdvertisingAlliance\Protect My Choices\pmc.dll [2013-10-29] (Digital Advertising Alliance)
BHO: AT&&T Toolbar -> {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -> No File
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\19.1.0.285\AVG Secure Search_toolbar.dll [2015-12-12] (AVG Secure Search)
BHO: No Name -> {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} -> No File
BHO: No Name -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> No File
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-07] (Sun Microsystems, Inc.)
Toolbar: HKLM - AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll [2013-08-07] (Yahoo! Inc.)
Toolbar: HKLM - No Name - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\19.1.0.285\AVG Secure Search_toolbar.dll [2015-12-12] (AVG Secure Search)
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll [2013-08-07] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1006 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn10\yt.dll [2013-08-07] (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> No Name - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
Toolbar: HKU\S-1-5-21-4224252993-2327142291-3998364205-1007 -> AT&&T Toolbar - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\19.1.0\ViProtocol.dll [2015-12-12] (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Travis P. Verrett\Application Data\Mozilla\Firefox\Profiles\1f08zw7f.default-1449198663546
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\19.1.0\\npsitesafety.dll [No File]
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2012-03-22] (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-07] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2010-11-08] (Alcatel-Lucent)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-10-05] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4224252993-2327142291-3998364205-1006: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-4224252993-2327142291-3998364205-1006: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-07] (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-12-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22] [not signed]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011-11-07] [not signed]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.9.0.230 => not found
FF HKU\S-1-5-19\...\Firefox\Extensions: [{57E72829-C158-4341-BBED-58F0AD1740FD}] - C:\Program Files\Google\Google Photos Screensaver\FF_ext
FF Extension: Google Photos Screensaver - C:\Program Files\Google\Google Photos Screensaver\FF_ext [2007-07-12] [not signed]
FF HKU\S-1-5-20\...\Firefox\Extensions: [{57E72829-C158-4341-BBED-58F0AD1740FD}] - C:\Program Files\Google\Google Photos Screensaver\FF_ext
FF HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\...\Firefox\Extensions: [{57E72829-C158-4341-BBED-58F0AD1740FD}] - C:\Program Files\Google\Google Photos Screensaver\FF_ext
FF HKU\S-1-5-21-4224252993-2327142291-3998364205-1007\...\Firefox\Extensions: [{57E72829-C158-4341-BBED-58F0AD1740FD}] - C:\Program Files\Google\Google Photos Screensaver\FF_ext

Chrome:
=======
CHR Profile: C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Learn European Languages (FREE VERSION)) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aifpigcngkjdlbkjmkmhkhmhaepoielk [2011-11-22]
CHR Extension: (SweetPacks) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3310511&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (SweetPacks A1) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgnjomjlkaenpngklfddmaodjljpjblk [2013-11-25] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3314198&extensionData=\u003Cextension_data\u003E] <==== ATTENTION
CHR Extension: (Public Records) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igpdfipnfjfpfadaacpmdlfbecbibban [2011-11-22]
CHR Extension: (Yellowbook) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ikkoebehlleebbldgmmmambgdfnhihfm [2011-11-22]
CHR Extension: (DefaultTab) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2014-12-14]
CHR Extension: (Torch Share) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2014-12-14]
CHR Extension: (AVG SafeGuard toolbar) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-11-25]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR HKLM\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-07]
CHR HKLM\...\Chrome\Extension: [fgnjomjlkaenpngklfddmaodjljpjblk] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx [2013-09-09]
CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx [2013-04-17]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\ChromeExt\14.0.0.12\avg.crx [2013-04-18]
CHR HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [banjjklfojcdbofbhbgiedekefohoaff] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\banjjklfojcdbofbhbgiedekefohoaff.crx [2013-10-07]
CHR HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4224252993-2327142291-3998364205-1006\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fgnjomjlkaenpngklfddmaodjljpjblk] - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\CRE\fgnjomjlkaenpngklfddmaodjljpjblk.crx [2013-09-09]
StartMenuInternet: chrome.exe - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome - C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S4 IBUpdaterService; C:\WINDOWS\system32\dmwu.exe [1435440 2013-09-17] ()
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S4 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [1192050 2004-08-27] (Ahead Software AG) [File not signed]
S4 InCDsrvR; C:\Program Files\Ahead\InCD\InCDsrv.exe [1192050 2004-08-27] (Ahead Software AG) [File not signed]
R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4681128 2015-12-09] (iolo technologies, LLC)
S4 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2011-11-07] (Sun Microsystems, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
S4 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
S2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [7544916 2003-05-31] (Microsoft Corporation) [File not signed]
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S2 NwSapAgent; C:\WINDOWS\system32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S4 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [72224 2008-11-06] (O2Micro International)
S4 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 PhnxVCDService; C:\WINDOWS\system32\PhnxCDSvr.exe [49152 2006-08-22] (Phoenix Technologies Ltd.) [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2259224 2015-11-24] (IBM Corp.)
S3 SQLAgent$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater19.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\19.1.0\ToolbarUpdater.exe [1864592 2015-12-12] (AVG Secure Search)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21419 2011-12-04] (Meetinghouse Data Communications) [File not signed]
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R0 amdide; C:\WINDOWS\System32\DRIVERS\amdide.sys [11904 2011-12-18] (Advanced Micro Devices Inc.)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) [File not signed]
S3 BrSerIf; C:\WINDOWS\System32\Drivers\BrSerIf.sys [53248 2006-01-18] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [11904 2006-01-19] (Brother Industries Ltd.) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 emAudio; C:\WINDOWS\System32\drivers\emAudio.sys [20736 2005-11-01] (Empia Technology, Inc.) [File not signed]
R2 FBAPI; C:\WINDOWS\system32\drivers\FBAPI.sys [7412 2006-08-22] () [File not signed]
R3 HBtnKey; C:\WINDOWS\System32\DRIVERS\tkbtnpn.sys [7463 2007-10-30] (Lenovo)
R4 InCDfs; C:\WINDOWS\system32\Drivers\InCDfs.sys [92928 2004-08-27] (Ahead Software AG) [File not signed]
R1 InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [28672 2004-08-27] (Ahead Software AG) [File not signed]
U1 InCDrec; C:\WINDOWS\system32\Drivers\InCDrec.sys [7680 2004-08-27] (Ahead Software AG) [File not signed]
R1 incdrm; C:\WINDOWS\system32\Drivers\incdrm.sys [27648 2004-08-27] (Ahead Software AG) [File not signed]
R2 Machnm32; C:\WINDOWS\system32\Machnm32.sys [2304 2006-08-22] () [File not signed]
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMPR5; C:\Program Files\Common Files\Motive\MREMPR5.sys [19345 2004-11-22] (Motive, Inc.) [File not signed]
S3 MRENDIS5; C:\Program Files\Common Files\Motive\MRENDIS5.sys [18003 2004-11-22] (Motive, Inc.) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-11-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2006-02-28] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2006-02-28] (Microsoft Corporation)
R1 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
R2 PDFsFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [69016 2015-02-06] (Raxco Software, Inc.)
R3 pfc; C:\WINDOWS\system32\drivers\pfc.sys [10368 2004-11-19] (Padus, Inc.) [File not signed]
R3 PhnxVcd; C:\WINDOWS\System32\Drivers\PhnxVcd.sys [44544 2006-08-22] (Phoenix Technologies Ltd.) [File not signed]
R0 ptpd; C:\WINDOWS\System32\drivers\ptpd.sys [7680 2006-08-22] (Phoenix Technologies Ltd.) [File not signed]
S3 qcserxp; C:\WINDOWS\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
R1 RapportCerberus_1507079; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1507079.sys [558456 2015-12-07] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [294968 2015-11-24] (IBM Corp.)
R0 RapportKELL; C:\WINDOWS\System32\Drivers\RapportKELL.sys [224344 2015-11-24] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [352408 2015-11-24] (IBM Corp.)
R0 RITCPT; C:\WINDOWS\system32\Drivers\RITCPT.sys [43512 2006-08-22] () [File not signed]
R3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [459520 2008-01-15] (Ralink Technology, Corp.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 SI3112r; C:\WINDOWS\System32\DRIVERS\SI3112r.sys [115752 2010-02-03] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2010-02-03] (Silicon Image, Inc)
S3 SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [12848 2007-10-30] (Symantec Corporation)
S3 SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [145968 2007-10-30] (Symantec Corporation)
S3 SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [39856 2007-10-30] (Symantec Corporation)
S3 SYMIDSCO; C:\Program Files\Common Files\Symantec Shared\SymcData\ids-diskless\20080305.002\SymIDSCo.sys [240496 2008-02-13] (Symantec Corporation)
S3 SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [35120 2007-10-30] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [27696 2007-10-30] (Symantec Corporation)
S1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [191536 2007-10-30] (Symantec Corporation)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 USB28xxBGA; C:\WINDOWS\System32\DRIVERS\emBDA.sys [217216 2006-02-07] (eMPIA Technology, Inc.) [File not signed]
S3 USB28xxOEM; C:\WINDOWS\System32\DRIVERS\emOEM.sys [17792 2006-02-07] (eMPIA Technology, Inc.) [File not signed]
S3 USB_RNDIS_XP; C:\WINDOWS\System32\DRIVERS\usb8023.sys [12928 2013-02-11] (Microsoft Corporation)
R0 VVBackd5; C:\WINDOWS\system32\Drivers\VVBackd5.sys [183154 2006-08-22] () [File not signed]
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 ADASPROT; \??\C:\Program Files\Advanced System Optimizer 3\adasprot32.sys [X]
U5 ASAPIW2K; C:\Windows\System32\Drivers\ASAPIW2K.sys [11264 2005-01-10] (VOB Computersysteme GmbH) [File not signed]
S3 ECIoCtrl32_001.sys; \??\D:\Utility\ICP Step\ECIoCtrl32_001.sys [X]
S4 IntelIde; no ImagePath
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 Scutum50; System32\Drivers\Scutum50.sys [X]
S1 ulbgjnsr; \??\C:\WINDOWS\system32\drivers\ulbgjnsr.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 15:42 - 2016-01-08 15:43 - 00032125 _____ C:\Documents and Settings\Travis P. Verrett\Desktop\FRST.txt
2016-01-08 15:42 - 2016-01-08 15:42 - 00000000 ____D C:\FRST
2016-01-08 15:35 - 2016-01-08 15:35 - 01721856 _____ (Farbar) C:\Documents and Settings\Travis P. Verrett\Desktop\FRST.exe
2016-01-08 14:55 - 2016-01-08 14:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
2016-01-08 14:47 - 2016-01-08 14:47 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2016-01-07 13:53 - 2016-01-08 13:34 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-30 19:30 - 2016-01-08 14:49 - 00345458 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-12-16 20:04 - 2015-12-16 20:04 - 00000837 _____ C:\Documents and Settings\Travis P. Verrett\Desktop\Verizon Cloud.lnk
2015-12-16 20:04 - 2015-12-16 20:04 - 00000000 ____D C:\Documents and Settings\Travis P. Verrett\Verizon Cloud Sync
2015-12-16 20:04 - 2015-12-16 20:04 - 00000000 ____D C:\Documents and Settings\Travis P. Verrett\Start Menu\Programs\Verizon
2015-12-16 20:04 - 2015-12-16 20:04 - 00000000 ____D C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Verizon
2015-12-16 20:03 - 2015-12-16 20:03 - 00000000 ____D C:\Program Files\Verizon

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 15:43 - 2007-01-11 18:57 - 00000000 ____D C:\Documents and Settings\Travis P. Verrett\Local Settings\Temp
2016-01-08 15:42 - 2006-11-08 05:44 - 00000000 ____D C:\WINDOWS
2016-01-08 15:35 - 2013-12-28 21:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-08 15:26 - 2013-12-08 15:56 - 00001026 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4224252993-2327142291-3998364205-1006UA.job
2016-01-08 15:21 - 2013-12-10 12:01 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-08 15:00 - 2014-03-08 16:39 - 00000240 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-01-08 14:55 - 2015-01-13 19:15 - 00001812 _____ C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
2016-01-08 14:55 - 2015-01-13 19:15 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-01-08 14:51 - 2013-12-10 12:01 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-08 14:50 - 2015-05-24 21:23 - 00000352 _____ C:\WINDOWS\Tasks\iolo DelOnReboot.job
2016-01-08 14:50 - 2014-06-13 20:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-01-08 14:50 - 2014-03-08 16:39 - 00000246 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-01-08 14:50 - 2006-11-08 15:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2016-01-08 14:50 - 2006-11-08 14:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-08 14:49 - 2014-01-10 15:38 - 01048576 _____ C:\WINDOWS\system32\config\iolo App.evt
2016-01-08 14:49 - 2006-11-09 10:25 - 00393216 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2016-01-08 14:49 - 2006-11-08 14:02 - 00032624 _____ C:\WINDOWS\SchedLgU.Txt
2016-01-08 14:00 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At4.job
2016-01-08 13:21 - 2014-01-10 16:20 - 00000000 ____D C:\WINDOWS\system32\config\Before Compact
2016-01-08 13:21 - 2007-01-11 18:57 - 00000000 ____D C:\Documents and Settings\Travis P. Verrett
2016-01-08 13:21 - 2006-11-08 14:02 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-01-08 13:21 - 2006-11-08 14:02 - 00000000 __SHD C:\Documents and Settings\LocalService
2016-01-08 10:10 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At1.job
2016-01-08 10:01 - 2013-12-04 20:07 - 00000820 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2016-01-08 01:49 - 2007-01-11 18:57 - 00000000 ____D C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\ApplicationHistory
2016-01-07 21:54 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At3.job
2016-01-07 20:40 - 2014-03-22 20:54 - 00000462 _____ C:\WINDOWS\Tasks\At2.job
2016-01-07 19:26 - 2013-12-08 15:56 - 00000974 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4224252993-2327142291-3998364205-1006Core.job
2016-01-07 18:00 - 2014-04-03 18:55 - 00000468 _____ C:\WINDOWS\Tasks\ParetoLogic Registration3.job
2016-01-07 13:24 - 2007-01-11 18:57 - 00000178 ___SH C:\Documents and Settings\Travis P.
Verrett\ntuser.ini 2016-01-07 12:35 - 2012-04-29 07:20 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-01-07 12:35 - 2011-06-07 18:38 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2015-12-27 08:28 - 2014-01-10 16:20 - 00000000 ____D C:\WINDOWS\system32\config\SM Registry Backup 2015-12-21 18:19 - 2013-07-14 19:50 - 00000000 ____D C:\WINDOWS\system32\MRT 2015-12-20 20:48 - 2006-11-10 14:18 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-12-20 19:10 - 2014-12-30 19:13 - 00000000 ____D C:\Documents and Settings\Travis P. Verrett\Desktop\Bank Statements 2015-12-20 18:51 - 2015-07-11 16:14 - 00000000 ____D C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\HTC MediaHub 2015-12-16 20:03 - 2015-07-11 15:44 - 10909000 _____ C:\Documents and Settings\Travis P. Verrett\Downloads\2.5.192-update.exe 2015-12-16 20:03 - 2012-09-22 09:05 - 00000000 ____D C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\Backup Assistant Plus 2015-12-16 19:28 - 2011-11-14 18:54 - 00002376 _____ C:\Documents and Settings\Travis P. 
Verrett\Desktop\Google Chrome.lnk 2015-12-13 14:18 - 2014-01-10 15:38 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iolo 2015-12-13 14:15 - 2014-01-11 09:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ioloGovernor 2015-12-13 14:15 - 2014-01-10 15:55 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\System Mechanic 2015-12-13 14:15 - 2006-11-08 05:44 - 00000000 ____D C:\WINDOWS\Media 2015-12-12 16:52 - 2014-03-31 20:48 - 00000000 ____D C:\WINDOWS\system32\cache 2015-12-12 16:52 - 2014-03-31 20:48 - 00000000 ____D C:\Program Files\AVG Secure Search 2015-12-09 17:00 - 2014-01-10 15:55 - 00040872 _____ (iolo technologies, LLC) C:\WINDOWS\system32\iolobtdfg.exe 2015-12-09 17:00 - 2014-01-10 15:55 - 00022952 _____ (iolo technologies, LLC) C:\WINDOWS\system32\smrgdf.exe 2015-12-09 16:57 - 2014-01-10 15:55 - 02084264 _____ (iolo technologies, LLC) C:\WINDOWS\system32\Incinerator32.dll ==================== Files in the root of some directories ======= 2011-10-07 21:44 - 2011-10-07 21:44 - 0223195 _____ () C:\Program Files\comm_driver_rt73_vista.zip 2011-10-16 20:54 - 2011-12-04 14:18 - 13454447 _____ () C:\Program Files\comm_driver_wireless_g_v1.3.1.0.10.zip 2007-06-23 20:19 - 2013-04-19 15:54 - 0199300 _____ () C:\Program Files\INSTALL.LOG 2014-07-11 19:16 - 2014-07-11 19:16 - 0000000 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml 2012-09-24 18:29 - 2012-09-24 18:29 - 0000000 _____ () C:\Documents and Settings\Travis P. Verrett\Application Data\pdfconverter 2007-01-13 14:03 - 2014-05-17 18:59 - 0012800 _____ () C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-01-01 16:20 - 2011-01-01 16:20 - 0000085 _____ () C:\Documents and Settings\Travis P. Verrett\Local Settings\Application Data\FASTWiz.log 2007-01-11 18:57 - 2007-01-11 18:57 - 0000140 _____ () C:\Documents and Settings\Travis P. 
Verrett\Local Settings\Application Data\fusioncache.dat 2014-03-22 20:49 - 2014-03-22 20:49 - 0000057 _____ () C:\Documents and Settings\All Users\Application Data\Ament.ini 2007-12-19 20:24 - 2007-12-19 20:25 - 0007471 _____ () C:\Documents and Settings\All Users\Application Data\LUInstall.LiveUpdate 2007-07-14 19:08 - 2010-03-27 19:03 - 0002925 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache 2007-11-09 22:35 - 2012-04-25 06:04 - 0004096 _____ () C:\Documents and Settings\All Users\Application Data\ScheduledItems Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job Some files in TEMP: ==================== C:\Documents and Settings\Tesha M. Verrett\Local Settings\Temp\IadHide5.dll C:\Documents and Settings\Travis P. Verrett\Local Settings\Temp\Browser_Update[1].exe C:\Documents and Settings\Travis P. Verrett\Local Settings\Temp\Player_Plugin[1].exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================