Need fixlist.txt from FRST scan result [Closed]


  • This topic is locked

#1
RockinRonald

The FRST scan result is below; the addition is attached.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2014
Ran by Roland (administrator) on ROLANDPC on 01-05-2014 10:08:59
Running from C:\Users\Roland\Downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
( ) C:\Windows\System32\dlcicoms.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\ProgramData\Rpcnet\Bin\rpcld.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell) C:\Program Files (x86)\Dell AIO Printer 946\DLCImon.exe
(Flux Software LLC) C:\Users\Roland\AppData\Local\FluxSoftware\Flux\flux.exe
(PC Gizmos) C:\Users\Roland\AppData\Roaming\PC-Gizmos\SoundcloudDLD-PC_136528.en_87.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotifications.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [dlcimon.exe] => C:\Program Files (x86)\Dell AIO Printer 946\dlcimon.exe [435696 2007-01-12] (Dell)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85864 2013-10-28] (Absolute Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-13] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3850090444-827405806-219126609-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKU\S-1-5-21-3850090444-827405806-219126609-1001\...\Run: [Facebook Update] => "C:\Users\Roland\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-3850090444-827405806-219126609-1001\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Roland\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\S-1-5-21-3850090444-827405806-219126609-1001\...\Run: [f.lux] => C:\Users\Roland\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3850090444-827405806-219126609-1001\...\Run: [PC_GIZMOS] => C:\Users\Roland\AppData\Roaming\PC-Gizmos\SoundcloudDLD-PC_136528.en_87.exe [2165248 2014-04-28] (PC Gizmos)
HKU\S-1-5-21-3850090444-827405806-219126609-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3318920
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKLM - {45D4CF2E-D9AC-4E6C-97BD-255A661D9AD4} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {C545AAFA-C80B-41CF-A076-9350CFD8FB8A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {45D4CF2E-D9AC-4E6C-97BD-255A661D9AD4} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - DefaultScope {C545AAFA-C80B-41CF-A076-9350CFD8FB8A} URL = http://search.condui...6034586278&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKCU - {45D4CF2E-D9AC-4E6C-97BD-255A661D9AD4} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {C545AAFA-C80B-41CF-A076-9350CFD8FB8A} URL = http://search.condui...6034586278&UM=2
SearchScopes: HKCU - {E66FA3E5-254D-4600-8138-D1864C574D24} URL = http://websearch.ask...A0-F20561D3A784
BHO: YoutubeAdblocker - {DD425C9E-8E56-3EB9-E18F-8387FA609BAD} - C:\Program Files (x86)\YoutubeAdblocker\pv0t4WjFLd.x64.dll No File
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: SoundCloud Downloader - {A817C286-3D6B-4ECD-A99C-E44E50DBC523} - C:\Users\Roland\AppData\Roaming\PC-Gizmos\PCGizmosBHO.dll (PC Gizmos)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: YoutubeAdblocker - {DD425C9E-8E56-3EB9-E18F-8387FA609BAD} - C:\Program Files (x86)\YoutubeAdblocker\pv0t4WjFLd.dll No File
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Tcpip\Parameters: [DhcpNameServer] 216.106.137.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Roland\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
Chrome: 
=======
CHR HomePage: hxxp://www.ucdenver.edu/student-services/Pages/WebMail.aspx
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
CHR Extension: (Dictionary of Numbers) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhgdmkmcgahbkcbmlkpmmamemlkajaf [2014-04-27]
CHR Extension: (Google Docs) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-13]
CHR Extension: (SoundCloud Downloader) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apbeiaejbifegcmfkflngimmegifddkn [2014-02-01]
CHR Extension: (Google Drive) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-13]
CHR Extension: (YouTube) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-13]
CHR Extension: (Honey) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2013-10-09]
CHR Extension: (Google Search) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-13]
CHR Extension: (Website Logon) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2013-06-13]
CHR Extension: (AdBlock) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-14]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-12-24]
CHR Extension: (Ghostery Fixer) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaegpmdlhnpldpoadmnnbddbkcdmbhb [2014-04-14]
CHR Extension: (BookmarkTube) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlmllgkdgiphnejcmpibkfidhdoeadff [2013-12-20]
CHR Extension: (Ghostery) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Hover Zoom) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2013-07-10]
CHR Extension: (Gmail) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-13]
CHR HKCU\...\Chrome\Extension: [gddejphgogdngaihfpebjpmlkjjhmikc] - C:\Users\Roland\AppData\Local\CRE\gddejphgogdngaihfpebjpmlkjjhmikc.crx [2013-11-13]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
CHR HKLM-x32\...\Chrome\Extension: [gddejphgogdngaihfpebjpmlkjjhmikc] - C:\Users\Roland\AppData\Local\CRE\gddejphgogdngaihfpebjpmlkjjhmikc.crx [2013-11-13]
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-10-24]
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Roland\AppData\Local\Slick Savings\coupons.crx [2013-11-02]
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
 
==================== Services (Whitelisted) =================
 
R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [11112 2013-10-28] (Absolute Software)
R2 dlci_device; C:\Windows\system32\dlcicoms.exe [566152 2006-12-08] ( )
R2 dlci_device; C:\Windows\SysWOW64\dlcicoms.exe [537480 2006-12-08] ( )
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-01 10:08 - 2014-05-01 10:09 - 00023687 _____ () C:\Users\Roland\Downloads\FRST.txt
2014-05-01 10:08 - 2014-05-01 10:08 - 02061824 _____ (Farbar) C:\Users\Roland\Downloads\FRST64.exe
2014-05-01 10:08 - 2014-05-01 10:08 - 00000000 ____D () C:\FRST
2014-05-01 10:00 - 2014-05-01 10:00 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-05-01 09:53 - 2014-05-01 09:53 - 00285696 _____ () C:\Windows\Minidump\050114-23984-01.dmp
2014-05-01 09:52 - 2014-05-01 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-01 09:52 - 2014-04-14 20:13 - 00096168 _____ () C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-01 09:52 - 2014-04-14 20:05 - 00264616 _____ () C:\Windows\SysWOW64\javaws.exe
2014-05-01 09:52 - 2014-04-14 20:05 - 00175528 _____ () C:\Windows\SysWOW64\javaw.exe
2014-05-01 09:52 - 2014-04-14 20:04 - 00175016 _____ () C:\Windows\SysWOW64\java.exe
2014-05-01 09:51 - 2014-05-01 09:52 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-01 09:42 - 2014-05-01 09:42 - 00285696 _____ () C:\Windows\Minidump\050114-19171-01.dmp
2014-05-01 09:34 - 2014-05-01 09:34 - 00285696 _____ () C:\Windows\Minidump\050114-24375-01.dmp
2014-05-01 09:30 - 2014-05-01 09:30 - 00285640 _____ () C:\Windows\Minidump\050114-18718-01.dmp
2014-04-30 12:04 - 2014-05-01 10:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-30 10:36 - 2014-04-30 10:36 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-30 10:36 - 2014-04-30 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-30 10:36 - 2014-04-30 10:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-30 10:36 - 2014-04-30 10:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-30 10:36 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-30 10:36 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-30 10:36 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-30 10:19 - 2014-04-30 10:19 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Roland\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-30 09:08 - 2014-04-30 09:08 - 00285640 _____ () C:\Windows\Minidump\043014-32093-01.dmp
2014-04-29 17:38 - 2014-04-29 17:38 - 00064003 _____ () C:\Users\Roland\Downloads\[kickass.to]the.lord.of.the.rings.trilogy.extended.edition.1080p.bluray.anoxmous.torrent
2014-04-27 20:43 - 2014-04-27 20:43 - 00030383 _____ () C:\Users\Roland\Downloads\[kickass.to]baby.got.boobs.looking.for.a.roommate.daisy.marie.kinzi.marie.wmv.torrent
2014-04-27 20:43 - 2014-04-27 20:43 - 00016035 _____ () C:\Users\Roland\Downloads\[kickass.to]shawna.lenee.kagney.linn.karter.ebenezer.keiran.baby.got.boobs.torrent
2014-04-27 20:38 - 2014-04-27 20:38 - 00014675 _____ () C:\Users\Roland\Downloads\[kickass.to]jenaveve.jolie.audrey.bitoni.brazzers.expose.big.tits.at.school.torrent
2014-04-27 20:32 - 2014-04-27 20:32 - 00020862 _____ () C:\Users\Roland\Downloads\Kacey_Jordan_-_Sneak_in_[bleep]_-_Teens_like_it_big.9520461.TPB.torrent
2014-04-27 20:31 - 2014-04-27 20:31 - 00000909 _____ () C:\Users\Public\Desktop\SpaceEngine.lnk
2014-04-27 20:31 - 2014-04-27 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine
2014-04-25 20:47 - 2014-04-25 20:47 - 00035426 _____ () C:\Users\Roland\Downloads\[kickass.to]bigtitsatschool.juelz.ventura.romi.rain.after.school.titty.special.brazzers.new.february.03.2014.torrent
2014-04-25 20:38 - 2014-04-25 20:38 - 00014192 _____ () C:\Users\Roland\Downloads\[kickass.to]zzseries.capri.cavanni.dani.daniels.the.[bleep].of.wall.street.ep.3.[bleep].you.work.for.me.16.april.2014.mp4.torrent
2014-04-16 15:41 - 2014-04-16 15:41 - 00287096 _____ () C:\Windows\Minidump\041614-19921-01.dmp
2014-04-12 10:29 - 2014-03-06 18:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-12 10:29 - 2014-03-06 18:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-12 10:29 - 2014-03-06 18:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-12 10:29 - 2014-03-06 18:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-12 10:29 - 2014-03-06 18:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-12 10:29 - 2014-03-06 18:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-12 10:29 - 2014-03-06 18:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-12 10:29 - 2014-03-06 18:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-12 10:29 - 2014-03-06 18:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-12 10:29 - 2014-03-06 18:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-12 10:29 - 2014-03-06 18:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-12 10:29 - 2014-03-06 18:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-12 10:29 - 2014-03-06 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-12 10:29 - 2014-03-06 18:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-12 10:29 - 2014-03-06 18:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-12 10:29 - 2013-05-15 16:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-12 10:29 - 2013-05-15 16:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-12 10:29 - 2013-05-14 07:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-12 10:29 - 2013-05-14 03:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-12 10:29 - 2013-02-21 04:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-12 10:29 - 2013-02-21 04:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-12 10:29 - 2013-02-21 04:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-12 10:29 - 2013-02-21 04:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-12 10:29 - 2013-02-21 04:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-12 10:29 - 2013-02-21 04:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-12 10:29 - 2013-02-19 03:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-12 10:29 - 2012-11-07 22:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-12 10:29 - 2012-11-07 22:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-12 10:29 - 2012-07-25 21:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 10:28 - 2014-03-06 18:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-12 10:28 - 2014-03-06 18:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-12 10:28 - 2014-03-06 18:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-12 10:28 - 2014-03-06 18:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-12 10:28 - 2014-02-03 17:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-12 10:28 - 2014-02-03 17:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 10:28 - 2014-01-30 21:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-12 10:28 - 2014-01-30 18:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-12 10:28 - 2014-01-30 18:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-12 10:28 - 2014-01-30 18:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 10:28 - 2014-01-30 18:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 10:28 - 2014-01-30 18:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-12 10:28 - 2014-01-30 18:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-12 10:28 - 2014-01-30 18:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 10:28 - 2014-01-26 21:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-12 10:28 - 2014-01-26 21:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-12 10:28 - 2014-01-26 18:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-12 10:28 - 2014-01-26 18:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-12 10:28 - 2014-01-26 17:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-12 10:28 - 2014-01-15 17:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-12 10:28 - 2014-01-11 00:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-12 10:28 - 2014-01-10 23:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-12 10:28 - 2014-01-02 17:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 10:28 - 2014-01-02 17:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-10 18:18 - 2014-04-10 18:18 - 00020172 _____ () C:\Users\Roland\Downloads\documents-export-2014-04-10.zip
2014-04-10 18:10 - 2014-04-10 18:10 - 00736849 _____ () C:\Users\Roland\Desktop\frensample.wma
2014-04-10 12:01 - 2014-04-10 12:07 - 624481632 _____ () C:\Users\Roland\Downloads\Rave Mix-Francisco Delerue.wav
2014-04-09 07:41 - 2014-02-05 17:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:41 - 2014-02-05 17:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 07:41 - 2014-02-05 17:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 07:41 - 2014-02-05 17:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-02 18:26 - 2014-04-02 18:26 - 00000000 ____D () C:\Users\Roland\AppData\Local\storage
2014-04-02 18:25 - 2014-04-02 18:25 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-04-01 22:07 - 2014-04-01 22:08 - 00285640 _____ () C:\Windows\Minidump\040114-33750-01.dmp
2014-04-01 21:59 - 2014-04-02 18:24 - 00001867 _____ () C:\Users\Roland\Desktop\Play Tom Clancy's Splinter Cell Conviction.lnk
2014-04-01 18:53 - 2014-04-01 18:53 - 00037421 _____ () C:\Users\Roland\Downloads\[kickass.to]tom.clancy.s.splinter.cell.conviction.pc.game.dlc.nosteam.torrent
 
==================== One Month Modified Files and Folders =======
 
2014-05-01 10:09 - 2014-05-01 10:08 - 00023687 _____ () C:\Users\Roland\Downloads\FRST.txt
2014-05-01 10:08 - 2014-05-01 10:08 - 02061824 _____ (Farbar) C:\Users\Roland\Downloads\FRST64.exe
2014-05-01 10:08 - 2014-05-01 10:08 - 00000000 ____D () C:\FRST
2014-05-01 10:06 - 2012-07-26 01:28 - 00942930 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-01 10:05 - 2014-02-24 00:24 - 00000000 ___RD () C:\Users\Roland\Google Drive
2014-05-01 10:05 - 2013-08-26 20:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-01 10:03 - 2013-06-16 15:31 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe
2014-05-01 10:02 - 2014-04-30 12:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 10:02 - 2013-06-16 15:31 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2014-05-01 10:02 - 2013-06-16 15:31 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-05-01 10:02 - 2013-06-16 15:30 - 00029528 _____ () C:\Windows\system32\wpbbin.exe
2014-05-01 10:02 - 2013-06-13 23:41 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2014-05-01 10:02 - 2013-06-13 17:21 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-01 10:02 - 2012-07-26 01:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-01 10:01 - 2013-08-26 10:45 - 00000000 ____D () C:\Users\Roland\.gimp-2.8
2014-05-01 10:01 - 2013-06-13 17:09 - 01074517 _____ () C:\Windows\WindowsUpdate.log
2014-05-01 10:01 - 2013-06-07 21:19 - 00005464 _____ () C:\Windows\system32\RaCoInst.log
2014-05-01 10:00 - 2014-05-01 10:00 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-05-01 10:00 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\sru
2014-05-01 09:53 - 2014-05-01 09:53 - 00285696 _____ () C:\Windows\Minidump\050114-23984-01.dmp
2014-05-01 09:53 - 2013-10-01 11:54 - 550615336 _____ () C:\Windows\MEMORY.DMP
2014-05-01 09:53 - 2013-07-18 16:44 - 00000000 ____D () C:\Windows\Minidump
2014-05-01 09:53 - 2013-06-13 17:09 - 00000000 ____D () C:\Users\Roland
2014-05-01 09:52 - 2014-05-01 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-01 09:52 - 2014-05-01 09:51 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-01 09:52 - 2014-02-18 19:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-01 09:52 - 2013-06-14 03:56 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-01 09:52 - 2013-06-13 17:21 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-01 09:42 - 2014-05-01 09:42 - 00285696 _____ () C:\Windows\Minidump\050114-19171-01.dmp
2014-05-01 09:34 - 2014-05-01 09:34 - 00285696 _____ () C:\Windows\Minidump\050114-24375-01.dmp
2014-05-01 09:30 - 2014-05-01 09:30 - 00285640 _____ () C:\Windows\Minidump\050114-18718-01.dmp
2014-05-01 09:30 - 2013-11-15 19:11 - 00000354 _____ () C:\Windows\Tasks\HPCeeScheduleForRoland.job
2014-05-01 09:30 - 2013-11-13 11:14 - 00000000 ____D () C:\Users\Roland\AppData\Local\TBHostSupport
2014-05-01 09:27 - 2013-11-02 11:30 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Azureus
2014-05-01 07:56 - 2013-12-20 13:25 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker
2014-05-01 07:56 - 2013-12-20 13:25 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker
2014-05-01 07:48 - 2013-11-13 11:08 - 00000364 _____ () C:\Windows\Tasks\bench-sys.job
2014-05-01 07:06 - 2013-08-26 20:00 - 00000000 ____D () C:\Users\Roland\AppData\Local\Adobe
2014-04-30 22:02 - 2013-06-17 13:57 - 00000950 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3850090444-827405806-219126609-1001UA.job
2014-04-30 13:46 - 2013-11-15 19:11 - 00003170 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRoland
2014-04-30 13:41 - 2013-06-13 17:13 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{72F5C3E6-1146-4D57-8107-2441F855A824}
2014-04-30 10:51 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\rescache
2014-04-30 10:36 - 2014-04-30 10:36 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-30 10:36 - 2014-04-30 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-30 10:36 - 2014-04-30 10:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-30 10:36 - 2014-04-30 10:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-30 10:19 - 2014-04-30 10:19 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Roland\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-30 10:02 - 2013-06-17 13:57 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3850090444-827405806-219126609-1001Core.job
2014-04-30 09:25 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-30 09:08 - 2014-04-30 09:08 - 00285640 _____ () C:\Windows\Minidump\043014-32093-01.dmp
2014-04-29 17:38 - 2014-04-29 17:38 - 00064003 _____ () C:\Users\Roland\Downloads\[kickass.to]the.lord.of.the.rings.trilogy.extended.edition.1080p.bluray.anoxmous.torrent
2014-04-29 07:14 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-28 20:18 - 2014-02-01 22:22 - 00000215 _____ () C:\Users\Roland\AppData\Roaming\uninstall.bat
2014-04-28 20:18 - 2014-02-01 22:22 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\PC-Gizmos
2014-04-27 20:43 - 2014-04-27 20:43 - 00030383 _____ () C:\Users\Roland\Downloads\[kickass.to]baby.got.boobs.looking.for.a.roommate.daisy.marie.kinzi.marie.wmv.torrent
2014-04-27 20:43 - 2014-04-27 20:43 - 00016035 _____ () C:\Users\Roland\Downloads\[kickass.to]shawna.lenee.kagney.linn.karter.ebenezer.keiran.baby.got.boobs.torrent
2014-04-27 20:38 - 2014-04-27 20:38 - 00014675 _____ () C:\Users\Roland\Downloads\[kickass.to]jenaveve.jolie.audrey.bitoni.brazzers.expose.big.tits.at.school.torrent
2014-04-27 20:32 - 2014-04-27 20:32 - 00020862 _____ () C:\Users\Roland\Downloads\Kacey_Jordan_-_Sneak_in_[bleep]_-_Teens_like_it_big.9520461.TPB.torrent
2014-04-27 20:31 - 2014-04-27 20:31 - 00000909 _____ () C:\Users\Public\Desktop\SpaceEngine.lnk
2014-04-27 20:31 - 2014-04-27 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine
2014-04-27 20:25 - 2013-11-22 23:53 - 00000000 ____D () C:\Games
2014-04-27 15:42 - 2014-01-28 20:52 - 00000000 ____D () C:\Users\Roland\Desktop\ENGL 2030
2014-04-25 20:47 - 2014-04-25 20:47 - 00035426 _____ () C:\Users\Roland\Downloads\[kickass.to]bigtitsatschool.juelz.ventura.romi.rain.after.school.titty.special.brazzers.new.february.03.2014.torrent
2014-04-25 20:38 - 2014-04-25 20:38 - 00014192 _____ () C:\Users\Roland\Downloads\[kickass.to]zzseries.capri.cavanni.dani.daniels.the.[bleep].of.wall.street.ep.3.[bleep].you.work.for.me.16.april.2014.mp4.torrent
2014-04-22 17:47 - 2012-07-26 02:14 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-22 17:47 - 2012-07-26 02:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-22 07:45 - 2014-01-21 08:17 - 00000000 ____D () C:\Users\Roland\Desktop\FREN1020
2014-04-21 08:50 - 2012-07-26 01:21 - 00064938 _____ () C:\Windows\setupact.log
2014-04-16 16:37 - 2012-07-25 23:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-16 15:41 - 2014-04-16 15:41 - 00287096 _____ () C:\Windows\Minidump\041614-19921-01.dmp
2014-04-14 20:13 - 2014-05-01 09:52 - 00096168 _____ () C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-05-01 09:52 - 00264616 _____ () C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-05-01 09:52 - 00175528 _____ () C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-05-01 09:52 - 00175016 _____ () C:\Windows\SysWOW64\java.exe
2014-04-14 15:31 - 2013-06-13 17:13 - 00000000 ___RD () C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 15:31 - 2013-06-13 17:13 - 00000000 ___RD () C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-14 15:29 - 2012-07-25 23:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-04-14 15:27 - 2012-07-26 02:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-14 15:27 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-13 01:33 - 2014-02-02 23:47 - 00000000 ____D () C:\Users\Roland\Desktop\Adobe Premiere Pro Auto-Save
2014-04-12 21:28 - 2014-02-12 13:46 - 00000000 ____D () C:\Users\Roland\Desktop\Skishit
2014-04-12 20:17 - 2014-02-03 00:04 - 00000000 ____D () C:\Users\Roland\Desktop\Adobe Premiere Pro Preview Files
2014-04-10 18:18 - 2014-04-10 18:18 - 00020172 _____ () C:\Users\Roland\Downloads\documents-export-2014-04-10.zip
2014-04-10 18:10 - 2014-04-10 18:10 - 00736849 _____ () C:\Users\Roland\Desktop\frensample.wma
2014-04-10 12:07 - 2014-04-10 12:01 - 624481632 _____ () C:\Users\Roland\Downloads\Rave Mix-Francisco Delerue.wav
2014-04-09 09:17 - 2013-07-16 16:47 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 09:14 - 2013-06-16 07:14 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-03 14:42 - 2013-08-22 08:29 - 00311296 ___SH () C:\Users\Roland\Downloads\Thumbs.db
2014-04-03 09:51 - 2014-04-30 10:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-30 10:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-30 10:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 18:26 - 2014-04-02 18:26 - 00000000 ____D () C:\Users\Roland\AppData\Local\storage
2014-04-02 18:25 - 2014-04-02 18:25 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-04-02 18:24 - 2014-04-01 21:59 - 00001867 _____ () C:\Users\Roland\Desktop\Play Tom Clancy's Splinter Cell Conviction.lnk
2014-04-01 22:08 - 2014-04-01 22:07 - 00285640 _____ () C:\Windows\Minidump\040114-33750-01.dmp
2014-04-01 18:53 - 2014-04-01 18:53 - 00037421 _____ () C:\Users\Roland\Downloads\[kickass.to]tom.clancy.s.splinter.cell.conviction.pc.game.dlc.nosteam.torrent
 
Some content of TEMP:
====================
C:\Users\Roland\AppData\Local\Temp\APNStub.exe
C:\Users\Roland\AppData\Local\Temp\BeeCoupons-us.exe
C:\Users\Roland\AppData\Local\Temp\conduitchecker.exe
C:\Users\Roland\AppData\Local\Temp\GetCC.dll
C:\Users\Roland\AppData\Local\Temp\HPConnectedMusicInstaller_100100071.exe
C:\Users\Roland\AppData\Local\Temp\i4jdel0.exe
C:\Users\Roland\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Roland\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Roland\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Roland\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Roland\AppData\Local\Temp\mconduitinstaller.exe
C:\Users\Roland\AppData\Local\Temp\nsh6207.exe
C:\Users\Roland\AppData\Local\Temp\nsn82DC.exe
C:\Users\Roland\AppData\Local\Temp\nstBD92.exe
C:\Users\Roland\AppData\Local\Temp\nsuCCB8.exe
C:\Users\Roland\AppData\Local\Temp\nsw13C5.exe
C:\Users\Roland\AppData\Local\Temp\SendMsg.dll
C:\Users\Roland\AppData\Local\Temp\SIntf16.dll
C:\Users\Roland\AppData\Local\Temp\SIntf32.dll
C:\Users\Roland\AppData\Local\Temp\SIntfNT.dll
C:\Users\Roland\AppData\Local\Temp\SPStub.exe
C:\Users\Roland\AppData\Local\Temp\tbVisu.dll
C:\Users\Roland\AppData\Local\Temp\TidyNetwork.exe
C:\Users\Roland\AppData\Local\Temp\vbmz9.exe
C:\Users\Roland\AppData\Local\Temp\Version 11.1.1.0.updater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-27 14:12
 
==================== End Of Log ============================

#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,916 posts
Hi RockinRonald :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn, and to perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient, as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as they may do serious damage.
 

In future, do not attach logs unless told otherwise. :)

 
  • Step #1 P2P Warning
    IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
    • Vuze
    I shall provide you with a few reference links; please read them to learn the risks of having a P2P program. Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

    My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.
 
  • Step #2 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Step #3 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
    • Disable your anti-virus to avoid potential conflicts. For more information, please read this article;
    • Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
    • Please be patient as the tool cleans your system;
    • After completion of the process, a log named JRT.txt will automatically open and is saved to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 

Re-run FRST.exe and post the log.

 
  • Required Log(s):
    • AdwCleaner Log;
    • Junkware Removal Tool Log
    • FRST.txt
Regards,
Valinorum

#3
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,916 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.