[RockinRonald]

FRST scan result is below, the addition is attached

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2014

Ran by Roland (administrator) on ROLANDPC on 01-05-2014 10:08:59

Running from C:\Users\Roland\Downloads

Windows 8 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

( ) C:\Windows\System32\dlcicoms.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

() C:\ProgramData\Rpcnet\Bin\rpcld.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe

() C:\Windows\System32\valWBFPolicyService.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe

(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Dell) C:\Program Files (x86)\Dell AIO Printer 946\DLCImon.exe

(Flux Software LLC) C:\Users\Roland\AppData\Local\FluxSoftware\Flux\flux.exe

(PC Gizmos) C:\Users\Roland\AppData\Roaming\PC-Gizmos\SoundcloudDLD-PC_136528.en_87.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Windows\System32\LocationNotifications.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)

HKLM\...\Run: [dlcimon.exe] => C:\Program Files (x86)\Dell AIO Printer 946\dlcimon.exe [435696 2007-01-12] (Dell)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)

HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85864 2013-10-28] (Absolute Software)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-13] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3850090444-827405806-219126609-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)

HKU\S-1-5-21-3850090444-827405806-219126609-1001\...\Run: [Facebook Update] => "C:\Users\Roland\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

HKU\S-1-5-21-3850090444-827405806-219126609-1001\...\Run: [TBHostSupport] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Roland\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION

HKU\S-1-5-21-3850090444-827405806-219126609-1001\...\Run: [f.lux] => C:\Users\Roland\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)

HKU\S-1-5-21-3850090444-827405806-219126609-1001\...\Run: [PC_GIZMOS] => C:\Users\Roland\AppData\Roaming\PC-Gizmos\SoundcloudDLD-PC_136528.en_87.exe [2165248 2014-04-28] (PC Gizmos)

HKU\S-1-5-21-3850090444-827405806-219126609-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)

Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk

ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3318920

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS

SearchScopes: HKLM - {45D4CF2E-D9AC-4E6C-97BD-255A661D9AD4} URL = http://www.amazon.co...s={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {C545AAFA-C80B-41CF-A076-9350CFD8FB8A} URL = 

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS

SearchScopes: HKLM-x32 - {45D4CF2E-D9AC-4E6C-97BD-255A661D9AD4} URL = http://www.amazon.co...s={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKCU - DefaultScope {C545AAFA-C80B-41CF-A076-9350CFD8FB8A} URL = http://search.condui...6034586278&UM=2

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS

SearchScopes: HKCU - {45D4CF2E-D9AC-4E6C-97BD-255A661D9AD4} URL = http://www.amazon.co...s={searchTerms}

SearchScopes: HKCU - {C545AAFA-C80B-41CF-A076-9350CFD8FB8A} URL = http://search.condui...6034586278&UM=2

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKCU - {E66FA3E5-254D-4600-8138-D1864C574D24} URL = http://websearch.ask...A0-F20561D3A784

BHO: YoutubeAdblocker - {DD425C9E-8E56-3EB9-E18F-8387FA609BAD} - C:\Program Files (x86)\YoutubeAdblocker\pv0t4WjFLd.x64.dll No File

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: SoundCloud Downloader - {A817C286-3D6B-4ECD-A99C-E44E50DBC523} - C:\Users\Roland\AppData\Roaming\PC-Gizmos\PCGizmosBHO.dll (PC Gizmos)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: YoutubeAdblocker - {DD425C9E-8E56-3EB9-E18F-8387FA609BAD} - C:\Program Files (x86)\YoutubeAdblocker\pv0t4WjFLd.dll No File

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File

Tcpip\Parameters: [DhcpNameServer] 216.106.137.1

 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Roland\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

Chrome: 

=======

CHR HomePage: hxxp://www.ucdenver.edu/student-services/Pages/WebMail.aspx

CHR StartupUrls: "hxxp://www.google.com/"

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)

CHR Extension: (Dictionary of Numbers) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhgdmkmcgahbkcbmlkpmmamemlkajaf [2014-04-27]

CHR Extension: (Google Docs) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-13]

CHR Extension: (SoundCloud Downloader) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apbeiaejbifegcmfkflngimmegifddkn [2014-02-01]

CHR Extension: (Google Drive) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-13]

CHR Extension: (YouTube) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-13]

CHR Extension: (Honey) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2013-10-09]

CHR Extension: (Google Search) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-13]

CHR Extension: (Website Logon) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2013-06-13]

CHR Extension: (AdBlock) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-14]

CHR Extension: (Reddit Enhancement Suite) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-12-24]

CHR Extension: (Ghostery Fixer) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaegpmdlhnpldpoadmnnbddbkcdmbhb [2014-04-14]

CHR Extension: (BookmarkTube) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlmllgkdgiphnejcmpibkfidhdoeadff [2013-12-20]

CHR Extension: (Ghostery) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-04-14]

CHR Extension: (Google Wallet) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]

CHR Extension: (Hover Zoom) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2013-07-10]

CHR Extension: (Gmail) - C:\Users\Roland\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-13]

CHR HKCU\...\Chrome\Extension: [gddejphgogdngaihfpebjpmlkjjhmikc] - C:\Users\Roland\AppData\Local\CRE\gddejphgogdngaihfpebjpmlkjjhmikc.crx [2013-11-13]

CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]

CHR HKLM-x32\...\Chrome\Extension: [gddejphgogdngaihfpebjpmlkjjhmikc] - C:\Users\Roland\AppData\Local\CRE\gddejphgogdngaihfpebjpmlkjjhmikc.crx [2013-11-13]

CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]

CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx [2013-10-24]

CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\Roland\AppData\Local\Slick Savings\coupons.crx [2013-11-02]

CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]

 

==================== Services (Whitelisted) =================

 

R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [11112 2013-10-28] (Absolute Software)

R2 dlci_device; C:\Windows\system32\dlcicoms.exe [566152 2006-12-08] ( )

R2 dlci_device; C:\Windows\SysWOW64\dlcicoms.exe [537480 2006-12-08] ( )

R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)

R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)

R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-01] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-05-01 10:08 - 2014-05-01 10:09 - 00023687 _____ () C:\Users\Roland\Downloads\FRST.txt

2014-05-01 10:08 - 2014-05-01 10:08 - 02061824 _____ (Farbar) C:\Users\Roland\Downloads\FRST64.exe

2014-05-01 10:08 - 2014-05-01 10:08 - 00000000 ____D () C:\FRST

2014-05-01 10:00 - 2014-05-01 10:00 - 00000000 ____D () C:\Windows\LastGood.Tmp

2014-05-01 09:53 - 2014-05-01 09:53 - 00285696 _____ () C:\Windows\Minidump\050114-23984-01.dmp

2014-05-01 09:52 - 2014-05-01 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-05-01 09:52 - 2014-04-14 20:13 - 00096168 _____ () C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-05-01 09:52 - 2014-04-14 20:05 - 00264616 _____ () C:\Windows\SysWOW64\javaws.exe

2014-05-01 09:52 - 2014-04-14 20:05 - 00175528 _____ () C:\Windows\SysWOW64\javaw.exe

2014-05-01 09:52 - 2014-04-14 20:04 - 00175016 _____ () C:\Windows\SysWOW64\java.exe

2014-05-01 09:51 - 2014-05-01 09:52 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

2014-05-01 09:42 - 2014-05-01 09:42 - 00285696 _____ () C:\Windows\Minidump\050114-19171-01.dmp

2014-05-01 09:34 - 2014-05-01 09:34 - 00285696 _____ () C:\Windows\Minidump\050114-24375-01.dmp

2014-05-01 09:30 - 2014-05-01 09:30 - 00285640 _____ () C:\Windows\Minidump\050114-18718-01.dmp

2014-04-30 12:04 - 2014-05-01 10:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-30 10:36 - 2014-04-30 10:36 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-30 10:36 - 2014-04-30 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-04-30 10:36 - 2014-04-30 10:36 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-30 10:36 - 2014-04-30 10:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-30 10:36 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-30 10:36 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-30 10:36 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-30 10:19 - 2014-04-30 10:19 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Roland\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-30 09:08 - 2014-04-30 09:08 - 00285640 _____ () C:\Windows\Minidump\043014-32093-01.dmp

2014-04-29 17:38 - 2014-04-29 17:38 - 00064003 _____ () C:\Users\Roland\Downloads\[kickass.to]the.lord.of.the.rings.trilogy.extended.edition.1080p.bluray.anoxmous.torrent

2014-04-27 20:43 - 2014-04-27 20:43 - 00030383 _____ () C:\Users\Roland\Downloads\[kickass.to]baby.got.boobs.looking.for.a.roommate.daisy.marie.kinzi.marie.wmv.torrent

2014-04-27 20:43 - 2014-04-27 20:43 - 00016035 _____ () C:\Users\Roland\Downloads\[kickass.to]shawna.lenee.kagney.linn.karter.ebenezer.keiran.baby.got.boobs.torrent

2014-04-27 20:38 - 2014-04-27 20:38 - 00014675 _____ () C:\Users\Roland\Downloads\[kickass.to]jenaveve.jolie.audrey.bitoni.brazzers.expose.big.tits.at.school.torrent

2014-04-27 20:32 - 2014-04-27 20:32 - 00020862 _____ () C:\Users\Roland\Downloads\Kacey_Jordan_-_Sneak_in_[bleep]_-_Teens_like_it_big.9520461.TPB.torrent

2014-04-27 20:31 - 2014-04-27 20:31 - 00000909 _____ () C:\Users\Public\Desktop\SpaceEngine.lnk

2014-04-27 20:31 - 2014-04-27 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine

2014-04-25 20:47 - 2014-04-25 20:47 - 00035426 _____ () C:\Users\Roland\Downloads\[kickass.to]bigtitsatschool.juelz.ventura.romi.rain.after.school.titty.special.brazzers.new.february.03.2014.torrent

2014-04-25 20:38 - 2014-04-25 20:38 - 00014192 _____ () C:\Users\Roland\Downloads\[kickass.to]zzseries.capri.cavanni.dani.daniels.the.[bleep].of.wall.street.ep.3.[bleep].you.work.for.me.16.april.2014.mp4.torrent

2014-04-16 15:41 - 2014-04-16 15:41 - 00287096 _____ () C:\Windows\Minidump\041614-19921-01.dmp

2014-04-12 10:29 - 2014-03-06 18:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-12 10:29 - 2014-03-06 18:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-12 10:29 - 2014-03-06 18:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-12 10:29 - 2014-03-06 18:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-12 10:29 - 2014-03-06 18:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-12 10:29 - 2014-03-06 18:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-12 10:29 - 2014-03-06 18:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-12 10:29 - 2014-03-06 18:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-12 10:29 - 2014-03-06 18:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-12 10:29 - 2014-03-06 18:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-12 10:29 - 2014-03-06 18:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-12 10:29 - 2014-03-06 18:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2014-04-12 10:29 - 2014-03-06 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-04-12 10:29 - 2014-03-06 18:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-12 10:29 - 2014-03-06 18:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-12 10:29 - 2013-05-15 16:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2014-04-12 10:29 - 2013-05-15 16:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2014-04-12 10:29 - 2013-05-14 07:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-12 10:29 - 2013-05-14 03:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-12 10:29 - 2013-02-21 04:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-04-12 10:29 - 2013-02-21 04:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-12 10:29 - 2013-02-21 04:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-12 10:29 - 2013-02-21 04:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-12 10:29 - 2013-02-21 04:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-04-12 10:29 - 2013-02-21 04:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-12 10:29 - 2013-02-19 03:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2014-04-12 10:29 - 2012-11-07 22:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-12 10:29 - 2012-11-07 22:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-12 10:29 - 2012-07-25 21:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-12 10:28 - 2014-03-06 18:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-12 10:28 - 2014-03-06 18:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-12 10:28 - 2014-03-06 18:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-04-12 10:28 - 2014-03-06 18:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-12 10:28 - 2014-02-03 17:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-12 10:28 - 2014-02-03 17:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-12 10:28 - 2014-01-30 21:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2014-04-12 10:28 - 2014-01-30 18:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-04-12 10:28 - 2014-01-30 18:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll

2014-04-12 10:28 - 2014-01-30 18:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll

2014-04-12 10:28 - 2014-01-30 18:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-12 10:28 - 2014-01-30 18:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-04-12 10:28 - 2014-01-30 18:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll

2014-04-12 10:28 - 2014-01-30 18:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-12 10:28 - 2014-01-26 21:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-04-12 10:28 - 2014-01-26 21:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-12 10:28 - 2014-01-26 18:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-04-12 10:28 - 2014-01-26 18:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-04-12 10:28 - 2014-01-26 17:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml

2014-04-12 10:28 - 2014-01-15 17:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys

2014-04-12 10:28 - 2014-01-11 00:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-04-12 10:28 - 2014-01-10 23:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-04-12 10:28 - 2014-01-02 17:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2014-04-12 10:28 - 2014-01-02 17:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2014-04-10 18:18 - 2014-04-10 18:18 - 00020172 _____ () C:\Users\Roland\Downloads\documents-export-2014-04-10.zip

2014-04-10 18:10 - 2014-04-10 18:10 - 00736849 _____ () C:\Users\Roland\Desktop\frensample.wma

2014-04-10 12:01 - 2014-04-10 12:07 - 624481632 _____ () C:\Users\Roland\Downloads\Rave Mix-Francisco Delerue.wav

2014-04-09 07:41 - 2014-02-05 17:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 07:41 - 2014-02-05 17:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-04-09 07:41 - 2014-02-05 17:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2014-04-09 07:41 - 2014-02-05 17:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-02 18:26 - 2014-04-02 18:26 - 00000000 ____D () C:\Users\Roland\AppData\Local\storage

2014-04-02 18:25 - 2014-04-02 18:25 - 00000000 ____D () C:\ProgramData\Ubisoft

2014-04-01 22:07 - 2014-04-01 22:08 - 00285640 _____ () C:\Windows\Minidump\040114-33750-01.dmp

2014-04-01 21:59 - 2014-04-02 18:24 - 00001867 _____ () C:\Users\Roland\Desktop\Play Tom Clancy's Splinter Cell Conviction.lnk

2014-04-01 18:53 - 2014-04-01 18:53 - 00037421 _____ () C:\Users\Roland\Downloads\[kickass.to]tom.clancy.s.splinter.cell.conviction.pc.game.dlc.nosteam.torrent

 

==================== One Month Modified Files and Folders =======

 

2014-05-01 10:09 - 2014-05-01 10:08 - 00023687 _____ () C:\Users\Roland\Downloads\FRST.txt

2014-05-01 10:08 - 2014-05-01 10:08 - 02061824 _____ (Farbar) C:\Users\Roland\Downloads\FRST64.exe

2014-05-01 10:08 - 2014-05-01 10:08 - 00000000 ____D () C:\FRST

2014-05-01 10:06 - 2012-07-26 01:28 - 00942930 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-01 10:05 - 2014-02-24 00:24 - 00000000 ___RD () C:\Users\Roland\Google Drive

2014-05-01 10:05 - 2013-08-26 20:13 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-05-01 10:03 - 2013-06-16 15:31 - 00017408 _____ () C:\Windows\system32\rpcnetp.exe

2014-05-01 10:02 - 2014-04-30 12:04 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-01 10:02 - 2013-06-16 15:31 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.exe

2014-05-01 10:02 - 2013-06-16 15:31 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.dll

2014-05-01 10:02 - 2013-06-16 15:30 - 00029528 _____ () C:\Windows\system32\wpbbin.exe

2014-05-01 10:02 - 2013-06-13 23:41 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll

2014-05-01 10:02 - 2013-06-13 17:21 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-01 10:02 - 2012-07-26 01:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-01 10:01 - 2013-08-26 10:45 - 00000000 ____D () C:\Users\Roland\.gimp-2.8

2014-05-01 10:01 - 2013-06-13 17:09 - 01074517 _____ () C:\Windows\WindowsUpdate.log

2014-05-01 10:01 - 2013-06-07 21:19 - 00005464 _____ () C:\Windows\system32\RaCoInst.log

2014-05-01 10:00 - 2014-05-01 10:00 - 00000000 ____D () C:\Windows\LastGood.Tmp

2014-05-01 10:00 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\sru

2014-05-01 09:53 - 2014-05-01 09:53 - 00285696 _____ () C:\Windows\Minidump\050114-23984-01.dmp

2014-05-01 09:53 - 2013-10-01 11:54 - 550615336 _____ () C:\Windows\MEMORY.DMP

2014-05-01 09:53 - 2013-07-18 16:44 - 00000000 ____D () C:\Windows\Minidump

2014-05-01 09:53 - 2013-06-13 17:09 - 00000000 ____D () C:\Users\Roland

2014-05-01 09:52 - 2014-05-01 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-05-01 09:52 - 2014-05-01 09:51 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

2014-05-01 09:52 - 2014-02-18 19:06 - 00000000 ____D () C:\ProgramData\Oracle

2014-05-01 09:52 - 2013-06-14 03:56 - 00000000 ____D () C:\Program Files (x86)\Java

2014-05-01 09:52 - 2013-06-13 17:21 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-01 09:42 - 2014-05-01 09:42 - 00285696 _____ () C:\Windows\Minidump\050114-19171-01.dmp

2014-05-01 09:34 - 2014-05-01 09:34 - 00285696 _____ () C:\Windows\Minidump\050114-24375-01.dmp

2014-05-01 09:30 - 2014-05-01 09:30 - 00285640 _____ () C:\Windows\Minidump\050114-18718-01.dmp

2014-05-01 09:30 - 2013-11-15 19:11 - 00000354 _____ () C:\Windows\Tasks\HPCeeScheduleForRoland.job

2014-05-01 09:30 - 2013-11-13 11:14 - 00000000 ____D () C:\Users\Roland\AppData\Local\TBHostSupport

2014-05-01 09:27 - 2013-11-02 11:30 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\Azureus

2014-05-01 07:56 - 2013-12-20 13:25 - 00000000 ____D () C:\ProgramData\YoutubeAdblocker

2014-05-01 07:56 - 2013-12-20 13:25 - 00000000 ____D () C:\Program Files (x86)\YoutubeAdblocker

2014-05-01 07:48 - 2013-11-13 11:08 - 00000364 _____ () C:\Windows\Tasks\bench-sys.job

2014-05-01 07:06 - 2013-08-26 20:00 - 00000000 ____D () C:\Users\Roland\AppData\Local\Adobe

2014-04-30 22:02 - 2013-06-17 13:57 - 00000950 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3850090444-827405806-219126609-1001UA.job

2014-04-30 13:46 - 2013-11-15 19:11 - 00003170 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRoland

2014-04-30 13:41 - 2013-06-13 17:13 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{72F5C3E6-1146-4D57-8107-2441F855A824}

2014-04-30 10:51 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\rescache

2014-04-30 10:36 - 2014-04-30 10:36 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-30 10:36 - 2014-04-30 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-04-30 10:36 - 2014-04-30 10:36 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-30 10:36 - 2014-04-30 10:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-30 10:19 - 2014-04-30 10:19 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Roland\Downloads\mbam-setup-2.0.1.1004.exe

2014-04-30 10:02 - 2013-06-17 13:57 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3850090444-827405806-219126609-1001Core.job

2014-04-30 09:25 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\NDF

2014-04-30 09:08 - 2014-04-30 09:08 - 00285640 _____ () C:\Windows\Minidump\043014-32093-01.dmp

2014-04-29 17:38 - 2014-04-29 17:38 - 00064003 _____ () C:\Users\Roland\Downloads\[kickass.to]the.lord.of.the.rings.trilogy.extended.edition.1080p.bluray.anoxmous.torrent

2014-04-29 07:14 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-04-28 20:18 - 2014-02-01 22:22 - 00000215 _____ () C:\Users\Roland\AppData\Roaming\uninstall.bat

2014-04-28 20:18 - 2014-02-01 22:22 - 00000000 ____D () C:\Users\Roland\AppData\Roaming\PC-Gizmos

2014-04-27 20:43 - 2014-04-27 20:43 - 00030383 _____ () C:\Users\Roland\Downloads\[kickass.to]baby.got.boobs.looking.for.a.roommate.daisy.marie.kinzi.marie.wmv.torrent

2014-04-27 20:43 - 2014-04-27 20:43 - 00016035 _____ () C:\Users\Roland\Downloads\[kickass.to]shawna.lenee.kagney.linn.karter.ebenezer.keiran.baby.got.boobs.torrent

2014-04-27 20:38 - 2014-04-27 20:38 - 00014675 _____ () C:\Users\Roland\Downloads\[kickass.to]jenaveve.jolie.audrey.bitoni.brazzers.expose.big.tits.at.school.torrent

2014-04-27 20:32 - 2014-04-27 20:32 - 00020862 _____ () C:\Users\Roland\Downloads\Kacey_Jordan_-_Sneak_in_[bleep]_-_Teens_like_it_big.9520461.TPB.torrent

2014-04-27 20:31 - 2014-04-27 20:31 - 00000909 _____ () C:\Users\Public\Desktop\SpaceEngine.lnk

2014-04-27 20:31 - 2014-04-27 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpaceEngine

2014-04-27 20:25 - 2013-11-22 23:53 - 00000000 ____D () C:\Games

2014-04-27 15:42 - 2014-01-28 20:52 - 00000000 ____D () C:\Users\Roland\Desktop\ENGL 2030

2014-04-25 20:47 - 2014-04-25 20:47 - 00035426 _____ () C:\Users\Roland\Downloads\[kickass.to]bigtitsatschool.juelz.ventura.romi.rain.after.school.titty.special.brazzers.new.february.03.2014.torrent

2014-04-25 20:38 - 2014-04-25 20:38 - 00014192 _____ () C:\Users\Roland\Downloads\[kickass.to]zzseries.capri.cavanni.dani.daniels.the.[bleep].of.wall.street.ep.3.[bleep].you.work.for.me.16.april.2014.mp4.torrent

2014-04-22 17:47 - 2012-07-26 02:14 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-22 17:47 - 2012-07-26 02:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-22 07:45 - 2014-01-21 08:17 - 00000000 ____D () C:\Users\Roland\Desktop\FREN1020

2014-04-21 08:50 - 2012-07-26 01:21 - 00064938 _____ () C:\Windows\setupact.log

2014-04-16 16:37 - 2012-07-25 23:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-04-16 15:41 - 2014-04-16 15:41 - 00287096 _____ () C:\Windows\Minidump\041614-19921-01.dmp

2014-04-14 20:13 - 2014-05-01 09:52 - 00096168 _____ () C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-04-14 20:05 - 2014-05-01 09:52 - 00264616 _____ () C:\Windows\SysWOW64\javaws.exe

2014-04-14 20:05 - 2014-05-01 09:52 - 00175528 _____ () C:\Windows\SysWOW64\javaw.exe

2014-04-14 20:04 - 2014-05-01 09:52 - 00175016 _____ () C:\Windows\SysWOW64\java.exe

2014-04-14 15:31 - 2013-06-13 17:13 - 00000000 ___RD () C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-14 15:31 - 2013-06-13 17:13 - 00000000 ___RD () C:\Users\Roland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-04-14 15:29 - 2012-07-25 23:26 - 00786432 ___SH () C:\Windows\system32\config\BBI

2014-04-14 15:27 - 2012-07-26 02:12 - 00000000 ___RD () C:\Windows\ToastData

2014-04-14 15:27 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\WinStore

2014-04-13 01:33 - 2014-02-02 23:47 - 00000000 ____D () C:\Users\Roland\Desktop\Adobe Premiere Pro Auto-Save

2014-04-12 21:28 - 2014-02-12 13:46 - 00000000 ____D () C:\Users\Roland\Desktop\Skishit

2014-04-12 20:17 - 2014-02-03 00:04 - 00000000 ____D () C:\Users\Roland\Desktop\Adobe Premiere Pro Preview Files

2014-04-10 18:18 - 2014-04-10 18:18 - 00020172 _____ () C:\Users\Roland\Downloads\documents-export-2014-04-10.zip

2014-04-10 18:10 - 2014-04-10 18:10 - 00736849 _____ () C:\Users\Roland\Desktop\frensample.wma

2014-04-10 12:07 - 2014-04-10 12:01 - 624481632 _____ () C:\Users\Roland\Downloads\Rave Mix-Francisco Delerue.wav

2014-04-09 09:17 - 2013-07-16 16:47 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-09 09:14 - 2013-06-16 07:14 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-03 14:42 - 2013-08-22 08:29 - 00311296 ___SH () C:\Users\Roland\Downloads\Thumbs.db

2014-04-03 09:51 - 2014-04-30 10:36 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-30 10:36 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-30 10:36 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-02 18:26 - 2014-04-02 18:26 - 00000000 ____D () C:\Users\Roland\AppData\Local\storage

2014-04-02 18:25 - 2014-04-02 18:25 - 00000000 ____D () C:\ProgramData\Ubisoft

2014-04-02 18:24 - 2014-04-01 21:59 - 00001867 _____ () C:\Users\Roland\Desktop\Play Tom Clancy's Splinter Cell Conviction.lnk

2014-04-01 22:08 - 2014-04-01 22:07 - 00285640 _____ () C:\Windows\Minidump\040114-33750-01.dmp

2014-04-01 18:53 - 2014-04-01 18:53 - 00037421 _____ () C:\Users\Roland\Downloads\[kickass.to]tom.clancy.s.splinter.cell.conviction.pc.game.dlc.nosteam.torrent

 

Some content of TEMP:

====================

C:\Users\Roland\AppData\Local\Temp\APNStub.exe

C:\Users\Roland\AppData\Local\Temp\BeeCoupons-us.exe

C:\Users\Roland\AppData\Local\Temp\conduitchecker.exe

C:\Users\Roland\AppData\Local\Temp\GetCC.dll

C:\Users\Roland\AppData\Local\Temp\HPConnectedMusicInstaller_100100071.exe

C:\Users\Roland\AppData\Local\Temp\i4jdel0.exe

C:\Users\Roland\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Roland\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\Roland\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Roland\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Roland\AppData\Local\Temp\mconduitinstaller.exe

C:\Users\Roland\AppData\Local\Temp\nsh6207.exe

C:\Users\Roland\AppData\Local\Temp\nsn82DC.exe

C:\Users\Roland\AppData\Local\Temp\nstBD92.exe

C:\Users\Roland\AppData\Local\Temp\nsuCCB8.exe

C:\Users\Roland\AppData\Local\Temp\nsw13C5.exe

C:\Users\Roland\AppData\Local\Temp\SendMsg.dll

C:\Users\Roland\AppData\Local\Temp\SIntf16.dll

C:\Users\Roland\AppData\Local\Temp\SIntf32.dll

C:\Users\Roland\AppData\Local\Temp\SIntfNT.dll

C:\Users\Roland\AppData\Local\Temp\SPStub.exe

C:\Users\Roland\AppData\Local\Temp\tbVisu.dll

C:\Users\Roland\AppData\Local\Temp\TidyNetwork.exe

C:\Users\Roland\AppData\Local\Temp\vbmz9.exe

C:\Users\Roland\AppData\Local\Temp\Version 11.1.1.0.updater.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-04-27 14:12

 

==================== End Of Log ============================

Attached Files

•  Addition.txt   28.01KB   134 downloads

[Advertisements]

Hi RockinRonald



My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):

• Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
• Please do not install any new software while we are working on this system as it may hinder our process.
• Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
• Please do not try to fix anything without being ask.
• Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
• Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
• Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
• If you are confused about any instruction stop and ask. Do not keep on going.
• Do not repeat the steps if you face any problems.
• I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
• Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
• The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

 

In future, do not attach logs unless told otherwise.

 

• Step #1 P2P Warning
  **IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
  • Vuze
  I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.
  • P2P File-Sharing: Evaluate the Risks
  • ITSC: Risks in Peer-to-peer File Sharing
  Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.
  
  My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.

 

• Step #2 Fix with AdwCleaner
  • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Download Link #1
    • Download Link #2
  • Right-click on AdwCleaner.exe and choose Run as administrator;
  • Click on Scan and let the program run unhindered;
  • When done, click on Clean and allow the system to reboot after it is done;
  • A log will be opened automatically after the restart;
  • Copy and Paste the contents of this log in your reply.

 

• Step #3 Fix with Junkware Removal Tool
  Download Junkware Removal Tool by thisisu to your Desktop from the link below.
  Download Link 1
  Download Link 2
  • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
  • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
  • Please be patient as the tool cleans your system;
  • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
  • Copy and Paste the contents of the log in your next reply.

 

Re-run FRST.exe and post the log.

 

• Required Log(s):
  • AdwCleaner Log;
  • Junkware Removal Tool Log
  • FRST.txt

Regards,
Valinorum

[Valinorum]

Hi RockinRonald



My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):

• Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
• Please do not install any new software while we are working on this system as it may hinder our process.
• Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
• Please do not try to fix anything without being ask.
• Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
• Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
• Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
• If you are confused about any instruction stop and ask. Do not keep on going.
• Do not repeat the steps if you face any problems.
• I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
• Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
• The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

 

In future, do not attach logs unless told otherwise.

 

• Step #1 P2P Warning
  **IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
  • Vuze
  I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.
  • P2P File-Sharing: Evaluate the Risks
  • ITSC: Risks in Peer-to-peer File Sharing
  Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.
  
  My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.

 

• Step #2 Fix with AdwCleaner
  • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Download Link #1
    • Download Link #2
  • Right-click on AdwCleaner.exe and choose Run as administrator;
  • Click on Scan and let the program run unhindered;
  • When done, click on Clean and allow the system to reboot after it is done;
  • A log will be opened automatically after the restart;
  • Copy and Paste the contents of this log in your reply.

 

• Step #3 Fix with Junkware Removal Tool
  Download Junkware Removal Tool by thisisu to your Desktop from the link below.
  Download Link 1
  Download Link 2
  • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
  • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
  • Please be patient as the tool cleans your system;
  • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
  • Copy and Paste the contents of the log in your next reply.

 

Re-run FRST.exe and post the log.

 

• Required Log(s):
  • AdwCleaner Log;
  • Junkware Removal Tool Log
  • FRST.txt

Regards,
Valinorum

[Valinorum]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.