Need to get rid of http://rocket-find.com/ redirect? [Solved]



#31
jfavata

  • Topic Starter
  • Member
  • 29 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-06-2014
Ran by John F (administrator) on JOHN on 10-06-2014 20:01:37
Running from C:\Users\John F\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions, Inc.)
HKLM\...\Run: [Trend Micro Titanium] => C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [1382568 2013-09-16] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [216928 2013-08-29] (Trend Micro Inc.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [405639 2009-01-09] (Creative Technology Ltd)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2012782116-1702301767-3356681026-1001\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2012782116-1702301767-3356681026-1002\...\Run: [GoogleChromeAutoLaunch_4F1AF1F43665083A862D2FA853077FC7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-13] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8B6835617DA6CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg.dll (Trend Micro Inc.)
BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll (Trend Micro Inc.)
BHO-x32: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Toolbar: HKLM - TrendMicro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -  No File
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20013\1.0.1221\1.0.1221\TmopIEPlg32.dll (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF ProfilePath: C:\Users\John F\AppData\Roaming\Mozilla\Firefox\Profiles\x18llnv2.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\John F\AppData\Local\Roblox\Versions\version-23a4f309f57a496c\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\John F\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\John F\AppData\Roaming\Mozilla\Firefox\Profiles\x18llnv2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-08]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013-08-31]
FF HKLM-x32\...\Firefox\Extensions: [{21541D23-FDA1-4bf3-8AF2-8F623BF70B07}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension\ []

Chrome:
=======
CHR HomePage: https://www.google.com/?gws_rd=ssl
CHR StartupUrls: "hxxp://rocket-find.com/?f=1&a=rckt_dnldstr_14_24_ie&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0Czz0FtBtB0B0E0Fzz0ByCzztN0D0Tzu0SzzzytCtN1L2XzutBtFtBtBtFtDtFyBtN1L1Czu0R1F1R1J1P2ZtN1L1G1B1V1N2Y1L1Qzu2StB0EyEtDyC0FyDyDtGzz0E0A0BtG0Azz0D0FtGyCyByC0EtGyDtBtDzz0FyEtD0AyCzz0B0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Bzz0FyCtAtBtBtGzz0B0F0CtG0DyCtA0CtGyDzzyDtDtGyDtA0A0D0B0BzzyB0A0E0ByD2Q&cr=312955327&ir="
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Trend Micro Titanium) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
CHR Extension: (Google Docs) - C:\Users\John F\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-31]
CHR Extension: (Google Drive) - C:\Users\John F\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John F\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\John F\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-31]
CHR Extension: (TrendMicro BEP Extension) - C:\Users\John F\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee [2013-08-31]
CHR Extension: (Google Search) - C:\Users\John F\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-31]
CHR Extension: (TrendMicro Toolbar) - C:\Users\John F\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj [2013-08-31]
CHR Extension: (Google Wallet) - C:\Users\John F\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\John F\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-31]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08]
CHR HKLM\...\Chrome\Extension: [kembfcmnocipgabpfmkeannjggpjaeak] - C:\Users\JOHNF~1\AppData\Local\speedial.crx [2013-10-08]
CHR HKCU\...\Chrome\Extension: [kembfcmnocipgabpfmkeannjggpjaeak] - C:\Users\JOHNF~1\AppData\Local\speedial.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\chrome_tmbep.crx [2013-10-08]
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\chromeextension.crx [2013-08-31]
CHR HKLM-x32\...\Chrome\Extension: [kembfcmnocipgabpfmkeannjggpjaeak] - C:\Users\JOHNF~1\AppData\Local\speedial.crx [2013-08-31]

==================== Services (Whitelisted) =================

R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [X]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [109072 2013-09-04] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-04] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [46392 2012-08-23] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [94520 2012-12-07] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [34224 2012-07-27] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [77184 2013-09-04] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [92456 2012-12-26] (Trend Micro Inc.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S1 {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64; system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-10 20:01 - 2014-06-10 20:01 - 00019192 _____ () C:\Users\John F\Desktop\FRST.txt
2014-06-10 20:01 - 2014-06-10 20:01 - 00000000 ____D () C:\Users\John F\Desktop\FRST-OlderVersion
2014-06-10 18:21 - 2014-06-10 18:21 - 00008893 _____ () C:\Users\John F\Desktop\mal1.txt
2014-06-10 18:20 - 2014-06-10 18:20 - 00001042 _____ () C:\Users\John F\Desktop\mal2.txt
2014-06-09 23:57 - 2014-06-10 19:30 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-09 23:57 - 2014-06-09 23:57 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-09 23:57 - 2014-06-09 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-09 23:57 - 2014-06-09 23:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-09 23:57 - 2014-06-09 23:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-09 23:57 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-09 23:57 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-06-09 23:57 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-06-09 23:55 - 2014-06-09 23:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John F\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-09 23:31 - 2014-06-09 23:31 - 04161050 _____ () C:\Users\John F\Desktop\tdsskiller.zip
2014-06-09 23:00 - 2014-06-10 18:35 - 00116282 _____ () C:\Users\John F\Desktop\OTL.Txt
2014-06-09 22:53 - 2014-06-09 22:53 - 00000711 _____ () C:\Users\John F\Desktop\JRT.txt
2014-06-09 22:50 - 2014-06-09 22:50 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-09 22:49 - 2014-06-09 22:49 - 01016261 _____ (Thisisu) C:\Users\John F\Desktop\JRT.exe
2014-06-09 22:47 - 2014-06-09 22:47 - 00003180 _____ () C:\Users\John F\Desktop\AdwCleaner[S0].txt
2014-06-09 22:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-06-09 22:36 - 2014-06-09 22:43 - 00000000 ____D () C:\AdwCleaner
2014-06-09 22:36 - 2014-06-09 22:36 - 01333465 _____ () C:\Users\John F\Desktop\AdwCleaner.exe
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\_OTL
2014-06-09 21:59 - 2014-06-09 21:59 - 04745728 _____ (AVAST Software) C:\Users\John F\Desktop\aswmbr.exe
2014-06-09 21:50 - 2014-06-09 21:50 - 00001697 _____ () C:\Users\John F\Desktop\aswMBR.txt
2014-06-09 21:50 - 2014-06-09 21:50 - 00000512 _____ () C:\Users\John F\Desktop\MBR.dat
2014-06-09 21:41 - 2014-06-09 21:41 - 00026486 _____ () C:\Users\John F\Desktop\Addition.txt
2014-06-09 21:40 - 2014-06-10 20:01 - 00000000 ____D () C:\FRST
2014-06-09 21:38 - 2014-06-09 21:38 - 04745728 _____ (AVAST Software) C:\Users\John F\Downloads\aswmbr.exe
2014-06-09 21:35 - 2014-06-10 20:01 - 02081792 _____ (Farbar) C:\Users\John F\Desktop\FRST64.exe
2014-06-09 21:35 - 2014-06-09 21:35 - 02080768 _____ (Farbar) C:\Users\John F\Downloads\FRST64.exe
2014-06-09 21:34 - 2014-06-09 21:35 - 00024646 _____ () C:\Users\John F\Desktop\farbar-recovery-scan-tool.htm
2014-06-09 21:21 - 2014-06-09 21:21 - 00602112 _____ (OldTimer Tools) C:\Users\John F\Desktop\OTL.exe
2014-06-09 20:45 - 2014-04-19 13:18 - 00197000 _____ () C:\Program Files (x86)\gtres.dll
2014-06-09 20:07 - 2014-06-09 20:07 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-09 20:04 - 2014-06-09 20:04 - 00686816 _____ () C:\Users\John F\Downloads\flvplayer (1).exe
2014-06-09 20:04 - 2014-06-09 20:04 - 00002646 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater
2014-06-09 20:03 - 2014-06-09 20:03 - 00000044 _____ () C:\Users\John F\AppData\Roaming\WB.CFG
2014-06-09 20:01 - 2014-06-09 20:01 - 01058200 _____ (Adobe) C:\Users\John F\Downloads\install_flashplayer13x32ax_mssd_aih.exe
2014-06-09 19:59 - 2014-06-09 19:59 - 00686816 _____ () C:\Users\John F\Downloads\flvplayer.exe
2014-06-09 19:59 - 2014-06-09 19:59 - 00001146 _____ () C:\Users\John F\Desktop\Continue flvplayer Installation.lnk
2014-06-07 00:48 - 2014-06-07 00:48 - 00000015 _____ () C:\Users\John F\Documents\D Movie.txt
2014-05-30 21:44 - 2014-05-30 21:44 - 00000143 _____ () C:\Users\John F\Documents\gps numbers.txt
2014-05-21 20:18 - 2014-05-21 20:18 - 01623184 _____ (Graboid Inc.) C:\Users\John F\Downloads\GraboidVideoInstaller-5.1.3.0 (2).exe
2014-05-21 20:18 - 2014-05-21 20:18 - 01623184 _____ (Graboid Inc.) C:\Users\John F\Downloads\GraboidVideoInstaller-5.1.3.0 (1).exe
2014-05-21 20:17 - 2014-05-21 20:17 - 01623184 _____ (Graboid Inc.) C:\Users\John F\Downloads\GraboidVideoInstaller-5.2.0.0.exe
2014-05-21 20:17 - 2014-05-21 20:17 - 01623184 _____ (Graboid Inc.) C:\Users\John F\Downloads\GraboidVideoInstaller-5.1.3.0.exe
2014-05-14 00:45 - 2014-03-23 22:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-14 00:45 - 2014-03-23 22:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-14 00:45 - 2014-03-23 22:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-14 00:45 - 2014-03-13 03:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-14 00:45 - 2014-03-13 02:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 00:44 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-14 00:44 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 00:44 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-14 00:44 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 00:44 - 2014-04-11 06:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-14 00:44 - 2014-04-11 06:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-14 00:44 - 2014-04-11 04:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 00:44 - 2014-04-11 02:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-14 00:44 - 2014-04-11 01:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-14 00:44 - 2014-04-11 01:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 00:44 - 2014-04-10 23:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-14 00:44 - 2014-04-10 23:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 00:44 - 2014-04-10 23:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-14 00:44 - 2014-04-10 23:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 00:44 - 2014-04-10 23:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 00:44 - 2014-04-10 23:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 00:44 - 2014-04-10 23:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 00:44 - 2014-04-10 23:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-14 00:44 - 2014-04-10 23:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-14 00:44 - 2014-04-10 23:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 00:44 - 2014-04-10 22:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 00:44 - 2014-04-10 22:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-14 00:44 - 2014-04-10 22:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-14 00:44 - 2014-04-10 22:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-14 00:44 - 2014-04-10 22:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 00:44 - 2014-04-10 22:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 00:44 - 2014-04-10 22:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 00:44 - 2014-04-10 22:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 00:44 - 2014-04-10 22:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 00:44 - 2014-04-10 22:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 00:44 - 2014-04-10 22:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 00:43 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 00:43 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 00:43 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 00:43 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 00:43 - 2014-03-27 05:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-14 00:43 - 2014-03-27 03:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

==================== One Month Modified Files and Folders =======

2014-06-10 20:01 - 2014-06-10 20:01 - 00019192 _____ () C:\Users\John F\Desktop\FRST.txt
2014-06-10 20:01 - 2014-06-10 20:01 - 00000000 ____D () C:\Users\John F\Desktop\FRST-OlderVersion
2014-06-10 20:01 - 2014-06-09 21:40 - 00000000 ____D () C:\FRST
2014-06-10 20:01 - 2014-06-09 21:35 - 02081792 _____ (Farbar) C:\Users\John F\Desktop\FRST64.exe
2014-06-10 20:01 - 2013-10-26 11:11 - 00000000 ____D () C:\Users\John F\AppData\Local\Temp
2014-06-10 20:01 - 2013-08-31 14:28 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2012782116-1702301767-3356681026-1002
2014-06-10 20:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-10 19:56 - 2013-08-31 15:24 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-10 19:56 - 2013-08-31 15:22 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 19:56 - 2013-08-31 15:22 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 19:43 - 2013-10-26 11:06 - 01444958 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-10 19:41 - 2014-03-08 03:26 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-10 19:30 - 2014-06-09 23:57 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 19:30 - 2013-10-27 03:50 - 00000000 __RDO () C:\Users\John F\SkyDrive
2014-06-10 19:29 - 2013-09-29 23:55 - 00026274 _____ () C:\WINDOWS\PFRO.log
2014-06-10 19:29 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-10 19:29 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-10 18:35 - 2014-06-09 23:00 - 00116282 _____ () C:\Users\John F\Desktop\OTL.Txt
2014-06-10 18:21 - 2014-06-10 18:21 - 00008893 _____ () C:\Users\John F\Desktop\mal1.txt
2014-06-10 18:20 - 2014-06-10 18:20 - 00001042 _____ () C:\Users\John F\Desktop\mal2.txt
2014-06-10 18:05 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-06-10 00:13 - 2013-09-29 23:51 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-06-09 23:57 - 2014-06-09 23:57 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-09 23:57 - 2014-06-09 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-09 23:57 - 2014-06-09 23:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-09 23:57 - 2014-06-09 23:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-09 23:55 - 2014-06-09 23:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John F\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-09 23:31 - 2014-06-09 23:31 - 04161050 _____ () C:\Users\John F\Desktop\tdsskiller.zip
2014-06-09 22:53 - 2014-06-09 22:53 - 00000711 _____ () C:\Users\John F\Desktop\JRT.txt
2014-06-09 22:50 - 2014-06-09 22:50 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-09 22:49 - 2014-06-09 22:49 - 01016261 _____ (Thisisu) C:\Users\John F\Desktop\JRT.exe
2014-06-09 22:47 - 2014-06-09 22:47 - 00003180 _____ () C:\Users\John F\Desktop\AdwCleaner[S0].txt
2014-06-09 22:43 - 2014-06-09 22:36 - 00000000 ____D () C:\AdwCleaner
2014-06-09 22:36 - 2014-06-09 22:36 - 01333465 _____ () C:\Users\John F\Desktop\AdwCleaner.exe
2014-06-09 22:31 - 2014-03-08 03:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\_OTL
2014-06-09 21:59 - 2014-06-09 21:59 - 04745728 _____ (AVAST Software) C:\Users\John F\Desktop\aswmbr.exe
2014-06-09 21:50 - 2014-06-09 21:50 - 00001697 _____ () C:\Users\John F\Desktop\aswMBR.txt
2014-06-09 21:50 - 2014-06-09 21:50 - 00000512 _____ () C:\Users\John F\Desktop\MBR.dat
2014-06-09 21:41 - 2014-06-09 21:41 - 00026486 _____ () C:\Users\John F\Desktop\Addition.txt
2014-06-09 21:38 - 2014-06-09 21:38 - 04745728 _____ (AVAST Software) C:\Users\John F\Downloads\aswmbr.exe
2014-06-09 21:35 - 2014-06-09 21:35 - 02080768 _____ (Farbar) C:\Users\John F\Downloads\FRST64.exe
2014-06-09 21:35 - 2014-06-09 21:34 - 00024646 _____ () C:\Users\John F\Desktop\farbar-recovery-scan-tool.htm
2014-06-09 21:21 - 2014-06-09 21:21 - 00602112 _____ (OldTimer Tools) C:\Users\John F\Desktop\OTL.exe
2014-06-09 21:08 - 2013-08-22 09:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-06-09 20:28 - 2013-08-31 14:22 - 00000000 ___RD () C:\Users\John F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-09 20:07 - 2014-06-09 20:07 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-09 20:04 - 2014-06-09 20:04 - 00686816 _____ () C:\Users\John F\Downloads\flvplayer (1).exe
2014-06-09 20:04 - 2014-06-09 20:04 - 00002646 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater
2014-06-09 20:03 - 2014-06-09 20:03 - 00000044 _____ () C:\Users\John F\AppData\Roaming\WB.CFG
2014-06-09 20:01 - 2014-06-09 20:01 - 01058200 _____ (Adobe) C:\Users\John F\Downloads\install_flashplayer13x32ax_mssd_aih.exe
2014-06-09 19:59 - 2014-06-09 19:59 - 00686816 _____ () C:\Users\John F\Downloads\flvplayer.exe
2014-06-09 19:59 - 2014-06-09 19:59 - 00001146 _____ () C:\Users\John F\Desktop\Continue flvplayer Installation.lnk
2014-06-07 00:48 - 2014-06-07 00:48 - 00000015 _____ () C:\Users\John F\Documents\D Movie.txt
2014-06-05 22:06 - 2013-10-26 11:11 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Temp
2014-05-31 15:13 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-30 21:44 - 2014-05-30 21:44 - 00000143 _____ () C:\Users\John F\Documents\gps numbers.txt
2014-05-26 21:35 - 2013-10-26 11:11 - 00000000 ____D () C:\Users\John F
2014-05-25 20:14 - 2013-08-31 14:21 - 00000000 ____D () C:\Users\John F\AppData\Local\Packages
2014-05-21 20:18 - 2014-05-21 20:18 - 01623184 _____ (Graboid Inc.) C:\Users\John F\Downloads\GraboidVideoInstaller-5.1.3.0 (2).exe
2014-05-21 20:18 - 2014-05-21 20:18 - 01623184 _____ (Graboid Inc.) C:\Users\John F\Downloads\GraboidVideoInstaller-5.1.3.0 (1).exe
2014-05-21 20:17 - 2014-05-21 20:17 - 01623184 _____ (Graboid Inc.) C:\Users\John F\Downloads\GraboidVideoInstaller-5.2.0.0.exe
2014-05-21 20:17 - 2014-05-21 20:17 - 01623184 _____ (Graboid Inc.) C:\Users\John F\Downloads\GraboidVideoInstaller-5.1.3.0.exe
2014-05-20 19:22 - 2013-10-20 13:14 - 00349696 ___SH () C:\Users\John F\Desktop\Thumbs.db
2014-05-19 20:48 - 2013-10-21 18:08 - 00000000 ____D () C:\Users\John F\Documents\teco
2014-05-19 20:42 - 2013-10-21 18:02 - 00000000 ____D () C:\Users\John F\Documents\water bill
2014-05-19 08:00 - 2014-01-10 16:01 - 00001403 _____ () C:\Users\John F\Desktop\uhyj7k.lnk
2014-05-19 08:00 - 2014-01-10 16:01 - 00001218 _____ () C:\Users\John F\Desktop\ROBLOX Studio 2013.lnk
2014-05-19 08:00 - 2014-01-10 16:01 - 00000000 ____D () C:\Users\John F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-05-17 03:54 - 2013-09-02 02:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-17 03:52 - 2013-09-02 02:45 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-15 01:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-14 20:35 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-05-14 19:56 - 2014-01-14 22:24 - 00045568 ___SH () C:\Users\John F\Downloads\Thumbs.db
2014-05-14 19:53 - 2013-08-31 14:22 - 00000000 ___RD () C:\Users\John F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-14 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 19:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-14 19:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-14 19:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 19:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-14 00:52 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-05-14 00:41 - 2014-03-08 03:26 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-12 19:51 - 2013-08-31 15:22 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 19:51 - 2013-08-31 15:22 - 00003644 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-12 07:26 - 2014-06-09 23:57 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-09 23:57 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-09 23:57 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\John F\AppData\Local\Temp\Quarantine.exe
C:\Users\John F\AppData\Local\Temp\{E2BB3C14-D5A5-49C4-B956-265400362F2E}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-10 00:40

==================== End Of Log ============================
2014-05-14 00:44 - 2014-04-10 22:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 00:44 - 2014-04-10 22:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 00:44 - 2014-04-10 22:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 00:44 - 2014-04-10 22:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 00:44 - 2014-04-10 22:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 00:44 - 2014-04-10 22:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 00:44 - 2014-04-10 22:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 00:43 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 00:43 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 00:43 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 00:43 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 00:43 - 2014-03-27 05:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-14 00:43 - 2014-03-27 03:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

==================== One Month Modified Files and Folders =======

2014-06-10 20:01 - 2014-06-10 20:01 - 00019192 _____ () C:\Users\John F\Desktop\FRST.txt
2014-06-10 20:01 - 2014-06-10 20:01 - 00000000 ____D () C:\Users\John F\Desktop\FRST-OlderVersion
2014-06-10 20:01 - 2014-06-09 21:40 - 00000000 ____D () C:\FRST
2014-06-10 20:01 - 2014-06-09 21:35 - 02081792 _____ (Farbar) C:\Users\John F\Desktop\FRST64.exe
2014-06-10 20:01 - 2013-10-26 11:11 - 00000000 ____D () C:\Users\John F\AppData\Local\Temp
2014-06-10 20:01 - 2013-08-31 14:28 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2012782116-1702301767-3356681026-1002
2014-06-10 20:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-10 19:56 - 2013-08-31 15:24 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-10 19:56 - 2013-08-31 15:22 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 19:56 - 2013-08-31 15:22 - 00000904 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 19:43 - 2013-10-26 11:06 - 01444958 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-10 19:41 - 2014-03-08 03:26 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-10 19:30 - 2014-06-09 23:57 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 19:30 - 2013-10-27 03:50 - 00000000 __RDO () C:\Users\John F\SkyDrive
2014-06-10 19:29 - 2013-09-29 23:55 - 00026274 _____ () C:\WINDOWS\PFRO.log
2014-06-10 19:29 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-10 19:29 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-10 18:35 - 2014-06-09 23:00 - 00116282 _____ () C:\Users\John F\Desktop\OTL.Txt
2014-06-10 18:21 - 2014-06-10 18:21 - 00008893 _____ () C:\Users\John F\Desktop\mal1.txt
2014-06-10 18:20 - 2014-06-10 18:20 - 00001042 _____ () C:\Users\John F\Desktop\mal2.txt
2014-06-10 18:05 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-06-10 00:13 - 2013-09-29 23:51 - 00000000 ____D () C:\WINDOWS\ShellNew
2014-06-09 23:57 - 2014-06-09 23:57 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-09 23:57 - 2014-06-09 23:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-09 23:57 - 2014-06-09 23:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-09 23:57 - 2014-06-09 23:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-09 23:55 - 2014-06-09 23:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\John F\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-09 23:31 - 2014-06-09 23:31 - 04161050 _____ () C:\Users\John F\Desktop\tdsskiller.zip
2014-06-09 22:53 - 2014-06-09 22:53 - 00000711 _____ () C:\Users\John F\Desktop\JRT.txt
2014-06-09 22:50 - 2014-06-09 22:50 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-09 22:49 - 2014-06-09 22:49 - 01016261 _____ (Thisisu) C:\Users\John F\Desktop\JRT.exe
2014-06-09 22:47 - 2014-06-09 22:47 - 00003180 _____ () C:\Users\John F\Desktop\AdwCleaner[S0].txt
2014-06-09 22:43 - 2014-06-09 22:36 - 00000000 ____D () C:\AdwCleaner
2014-06-09 22:36 - 2014-06-09 22:36 - 01333465 _____ () C:\Users\John F\Desktop\AdwCleaner.exe
2014-06-09 22:31 - 2014-03-08 03:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-09 22:25 - 2014-06-09 22:25 - 00000000 ____D () C:\_OTL
2014-06-09 21:59 - 2014-06-09 21:59 - 04745728 _____ (AVAST Software) C:\Users\John F\Desktop\aswmbr.exe
2014-06-09 21:50 - 2014-06-09 21:50 - 00001697 _____ () C:\Users\John F\Desktop\aswMBR.txt
2014-06-09 21:50 - 2014-06-09 21:50 - 00000512 _____ () C:\Users\John F\Desktop\MBR.dat
2014-06-09 21:41 - 2014-06-09 21:41 - 00026486 _____ () C:\Users\John F\Desktop\Addition.txt
2014-06-09 21:38 - 2014-06-09 21:38 - 04745728 _____ (AVAST Software) C:\Users\John F\Downloads\aswmbr.exe
2014-06-09 21:35 - 2014-06-09 21:35 - 02080768 _____ (Farbar) C:\Users\John F\Downloads\FRST64.exe
2014-06-09 21:35 - 2014-06-09 21:34 - 00024646 _____ () C:\Users\John F\Desktop\farbar-recovery-scan-tool.htm
2014-06-09 21:21 - 2014-06-09 21:21 - 00602112 _____ (OldTimer Tools) C:\Users\John F\Desktop\OTL.exe
2014-06-09 21:08 - 2013-08-22 09:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-06-09 20:28 - 2013-08-31 14:22 - 00000000 ___RD () C:\Users\John F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-09 20:07 - 2014-06-09 20:07 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-09 20:04 - 2014-06-09 20:04 - 00686816 _____ () C:\Users\John F\Downloads\flvplayer (1).exe
2014-06-09 20:04 - 2014-06-09 20:04 - 00002646 _____ () C:\WINDOWS\System32\Tasks\Rocket Updater
2014-06-09 20:03 - 2014-06-09 20:03 - 00000044 _____ () C:\Users\John F\AppData\Roaming\WB.CFG
2014-06-09 20:01 - 2014-06-09 20:01 - 01058200 _____ (Adobe) C:\Users\John F\Downloads\install_flashplayer13x32ax_mssd_aih.exe
2014-06-09 19:59 - 2014-06-09 19:59 - 00686816 _____ () C:\Users\John F\Downloads\flvplayer.exe
2014-06-09 19:59 - 2014-06-09 19:59 - 00001146 _____ () C:\Users\John F\Desktop\Continue flvplayer Installation.lnk
2014-06-07 00:48 - 2014-06-07 00:48 - 00000015 _____ () C:\Users\John F\Documents\D Movie.txt
2014-06-05 22:06 - 2013-10-26 11:11 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Temp
2014-05-31 15:13 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-30 21:44 - 2014-05-30 21:44 - 00000143 _____ () C:\Users\John F\Documents\gps numbers.txt
2014-05-26 21:35 - 2013-10-26 11:11 - 00000000 ____D () C:\Users\John F
2014-05-25 20:14 - 2013-08-31 14:21 - 00000000 ____D () C:\Users\John F\AppData\Local\Packages
2014-05-21 20:18 - 2014-05-21 20:18 - 01623184 _____ (Graboid Inc.) C:\Users\John F\Downloads\GraboidVideoInstaller-5.1.3.0 (2).exe
2014-05-21 20:18 - 2014-05-21 20:18 - 01623184 _____ (Graboid Inc.) C:\Users\John F\Downloads\GraboidVideoInstaller-5.1.3.0 (1).exe
2014-05-21 20:17 - 2014-05-21 20:17 - 01623184 _____ (Graboid Inc.) C:\Users\John F\Downloads\GraboidVideoInstaller-5.2.0.0.exe
2014-05-21 20:17 - 2014-05-21 20:17 - 01623184 _____ (Graboid Inc.) C:\Users\John F\Downloads\GraboidVideoInstaller-5.1.3.0.exe
2014-05-20 19:22 - 2013-10-20 13:14 - 00349696 ___SH () C:\Users\John F\Desktop\Thumbs.db
2014-05-19 20:48 - 2013-10-21 18:08 - 00000000 ____D () C:\Users\John F\Documents\teco
2014-05-19 20:42 - 2013-10-21 18:02 - 00000000 ____D () C:\Users\John F\Documents\water bill
2014-05-19 08:00 - 2014-01-10 16:01 - 00001403 _____ () C:\Users\John F\Desktop\uhyj7k.lnk
2014-05-19 08:00 - 2014-01-10 16:01 - 00001218 _____ () C:\Users\John F\Desktop\ROBLOX Studio 2013.lnk
2014-05-19 08:00 - 2014-01-10 16:01 - 00000000 ____D () C:\Users\John F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-05-17 03:54 - 2013-09-02 02:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-17 03:52 - 2013-09-02 02:45 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-15 01:36 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-14 20:35 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-05-14 19:56 - 2014-01-14 22:24 - 00045568 ___SH () C:\Users\John F\Downloads\Thumbs.db
2014-05-14 19:53 - 2013-08-31 14:22 - 00000000 ___RD () C:\Users\John F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-14 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 19:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-14 19:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-14 19:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 19:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-14 00:52 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-05-14 00:41 - 2014-03-08 03:26 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-12 19:51 - 2013-08-31 15:22 - 00003880 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-12 19:51 - 2013-08-31 15:22 - 00003644 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-12 07:26 - 2014-06-09 23:57 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-09 23:57 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-09 23:57 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\John F\AppData\Local\Temp\Quarantine.exe
C:\Users\John F\AppData\Local\Temp\{E2BB3C14-D5A5-49C4-B956-265400362F2E}.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-10 00:40

==================== End Of Log ============================


  • 0



#32
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Ok, I see it now. :) After doing this, check and make sure Chrome doesn't go back to rocketfind.

Changing Chrome's Homepage

We need to change your homepage in Chrome. Please follow the instructions below.
  • Open Chrome and type this in the address bar: chrome:settings
  • When the Settings page opens, look under On Startup and then click Open a specific set of pages and click Set Pages
  • When the window opens, look for the rocket-find entry in there and remove it.
  • Once you have removed it, close the window.
Let me know if that took care of it, and we'll proceed. :thumbsup:
  • 0

#33
jfavata

jfavata

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

That worked....no longer redirecting.


  • 0

#34
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

That worked....no longer redirecting.


Good to hear. :) Ok, let's move on to the ESET problem.

As for the eset online scanner...it will not run after clicking...just get a light blue box


How far into the instructions were you when it would not work?
  • 0

#35
jfavata

jfavata

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Select the option YES, I accept the Terms of Use then click on Start

 

Then it was just a light blue box...nothing else would happen


  • 0

#36
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Do you have any type of a pop up blocker running in the browser you used? Also, what browser are you using? Either IE or FireFox would be ideal.
  • 0

#37
jfavata

jfavata

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Using IE...there probably is a popup blocker running, not sure
 


  • 0

#38
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
See if this will shut it down if it's running. If not, then give FireFox a try. If FF doesn't work either, we'll use a different scanner. :thumbsup:


Tap or click the Tools button in IE, and then tap or click Internet options.

On the Privacy tab, under Pop-up Blocker, select or clear the Turn on Pop-up Blocker check box, and then tap or click OK.
  • 0

#39
jfavata

jfavata

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Ran the scan on Firefox....it found three threats but had another problem as I can't get the log. This is what I get

 

 

File not found

Firefox can't find the file at /C:/Program Files(x86)/ESET/EsetOnlineScanner/log.txt.

    Check the file name for capitalization or other typing errors.
    Check to see if the file was moved, renamed or deleted.


  • 0

#40
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Use notepad instead of Firefox to open the file, although with it only finding 3 threats, I'm betting it's things we've already killed.
  • 0



#41
jfavata

jfavata

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=6bc1bc0ae31cb2469d00eb6ceb156241
# engine=18657
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-11 02:41:15
# local_time=2014-06-10 10:41:15 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='Trend Micro Titanium Internet Security'
# compatibility_mode=521 16777213 100 98 3943065 58319237 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 5912796 0 0
# scanned=138872
# found=3
# cleaned=0
# scan_time=2640
sh=0239F7A3159B76A9696661A7E3C460F49406727F ft=1 fh=f053f1fc336d0594 vn="a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application" ac=I fn="C:\Users\John F\AppData\LocalLow\VideoDownloadConverter_4zEI\Installr\Cache\141D6FDC.exe"
sh=F82755497815F1DCC6DDFBC96C564BE76929110B ft=1 fh=032b199ce2f8488e vn="a variant of Win32/InstallCore.ON potentially unwanted application" ac=I fn="C:\Users\John F\Downloads\flvplayer (1).exe"
sh=3CCE64302E9C02B0E9E99B956F06BAFF264B7B91 ft=1 fh=032b199c23059412 vn="a variant of Win32/InstallCore.ON potentially unwanted application" ac=I fn="C:\Users\John F\Downloads\flvplayer.exe"
 


  • 0

#42
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Good, just a couple little remnants to tidy up. :thumbsup:


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator")
  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.
otlrunfix.jpg


:Commands
[createrestorepoint]

:Files
C:\Users\John F\AppData\LocalLow\VideoDownloadConverter_4zEI\Installr\Cache\141D6FDC.exe
C:\Users\John F\Downloads\flvplayer*.*

:Commands
[reboot]

  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, the log can be found in this directory: C:\_OTL\MovedFiles. Please post that log in your next reply.
If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.
  • 0

#43
jfavata

jfavata

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\John F\AppData\LocalLow\VideoDownloadConverter_4zEI\Installr\Cache\141D6FDC.exe moved successfully.
C:\Users\John F\Downloads\flvplayer (1).exe moved successfully.
C:\Users\John F\Downloads\flvplayer.exe moved successfully.
========== COMMANDS ==========
 
OTL by OldTimer - Version 3.2.69.0 log created on 06102014_230836


  • 0
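
The detection, fix and verification steps in posts #41 to #43, as an added Python example that is not part of the thread or of either tool: it parses the ESET detection lines, checks that every flagged file is covered by the OTL `:Files` entries, and confirms from the OTL result that each one was moved. Reading `sh` as the file hash, `vn` as the detection name and `fn` as the file path, and using `fnmatch` to stand in for OTL's wildcard matching, are assumptions drawn from the log lines shown.

```python
import re
from fnmatch import fnmatchcase

# Constructed input: lines copied from the ESET log, the OTL fix and the
# OTL result log posted in this thread.
ESET_LOG = r'''
# found=3
# cleaned=0
sh=0239F7A3159B76A9696661A7E3C460F49406727F ft=1 fh=f053f1fc336d0594 vn="a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application" ac=I fn="C:\Users\John F\AppData\LocalLow\VideoDownloadConverter_4zEI\Installr\Cache\141D6FDC.exe"
sh=F82755497815F1DCC6DDFBC96C564BE76929110B ft=1 fh=032b199ce2f8488e vn="a variant of Win32/InstallCore.ON potentially unwanted application" ac=I fn="C:\Users\John F\Downloads\flvplayer (1).exe"
sh=3CCE64302E9C02B0E9E99B956F06BAFF264B7B91 ft=1 fh=032b199c23059412 vn="a variant of Win32/InstallCore.ON potentially unwanted application" ac=I fn="C:\Users\John F\Downloads\flvplayer.exe"
'''
FIX_FILES = [
    r'C:\Users\John F\AppData\LocalLow\VideoDownloadConverter_4zEI\Installr\Cache\141D6FDC.exe',
    r'C:\Users\John F\Downloads\flvplayer*.*',
]
OTL_RESULT = r'''
========== FILES ==========
C:\Users\John F\AppData\LocalLow\VideoDownloadConverter_4zEI\Installr\Cache\141D6FDC.exe moved successfully.
C:\Users\John F\Downloads\flvplayer (1).exe moved successfully.
C:\Users\John F\Downloads\flvplayer.exe moved successfully.
'''

# key=value pairs; values are either "quoted with spaces" or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
MOVED = re.compile(r'^([A-Za-z]:\\.+) moved successfully\.$')


def parse_eset(log):
    """Split the log into '# key=value' header fields and detection records."""
    header, hits = {}, []
    for line in map(str.strip, log.splitlines()):
        if line.startswith('#'):
            key, sep, value = line.lstrip('# ').partition('=')
            if sep:
                header[key] = value
        elif line.startswith('sh='):
            hits.append({k: q if q else b for k, q, b in PAIR.findall(line)})
    return header, hits


def reconcile(eset_log, fix_patterns, otl_log):
    """Return (counts_match, report) with one report row per ESET detection."""
    header, hits = parse_eset(eset_log)
    lines = map(str.strip, otl_log.splitlines())
    moved = {m.group(1).lower() for m in map(MOVED.match, lines) if m}
    report = []
    for h in hits:
        path = h['fn'].lower()  # Windows paths are case-insensitive
        report.append({
            'path': h['fn'], 'sha1': h['sh'], 'threat': h['vn'],
            # Assumption: OTL's * wildcard behaves like fnmatch's.
            'in_fix': any(fnmatchcase(path, p.lower()) for p in fix_patterns),
            'moved': path in moved,
        })
    # A mismatch with the '# found=' count means part of the log was lost.
    counts_match = len(hits) == int(header.get('found', -1))
    return counts_match, report


def leftovers(report):
    """Paths the scanner flagged that the fix log does not show as moved."""
    return [r['path'] for r in report if not r['moved']]


if __name__ == '__main__':
    ok, rows = reconcile(ESET_LOG, FIX_FILES, OTL_RESULT)
    print('detection count matches header:', ok)
    for r in rows:
        print(r['moved'], r['in_fix'], r['sha1'], r['path'])
    print('still on disk:', leftovers(rows))
```
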

#44
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Very good, let's run a check for out of date programs.


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#45
jfavata

jfavata

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

 Results of screen317's Security Check version 0.99.84 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Trend Micro Titanium Internet Security  
Windows Defender                        
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player  13.0.0.214 
 Mozilla Firefox (28.0)
 Google Chrome 34.0.1847.137 
 Google Chrome 35.0.1916.114 
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 Windows Defender MpCmdRun.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


  • 0





