- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
- Ran by Robert (administrator) on ROBERT-PC (13-11-2015 17:44:45)
- Running from C:\Users\Robert\Desktop
- Loaded Profiles: Robert & UpdatusUser (Available Profiles: Robert & UpdatusUser)
- Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
- Internet Explorer Version 11 (Default browser not detected!)
- Boot Mode: Normal
- Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
- (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
- (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
- (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
- (Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
- (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
- () C:\Program Files (x86)\Cloud PC Defender\AntivirusWatcher.exe
- ( ) C:\Windows\System32\lxdpcoms.exe
- (Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
- (Protected Soft.) C:\Program Files\ProtectedStorageManager\lsassm.exe
- (Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
- (Ninja Soft Inc.) C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe
- (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
- (The Chromium Authors) C:\Users\Robert\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
- (CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
- (CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe
- () C:\ProgramData\WCService\WCService.exe
- (CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
- (Protected Soft.) C:\Program Files\ProtectedStorageManager\packages\b5e1c8a5-f79c-465f-a594-7dc35153ecc4\lsassmu.exe
- (The Chromium Authors) C:\Users\Robert\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
- (The Chromium Authors) C:\Users\Robert\AppData\Local\Ninja Loader\Chrome-bin\chrome.exe
- () C:\Program Files (x86)\Cloud PC Defender\AntivirusUpdater.exe
- () C:\Program Files (x86)\Cloud PC Defender\AntivirusAgent.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
- (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
- (Microsoft Corporation) C:\Windows\System32\rundll32.exe
- (YTDownloader) C:\Program Files (x86)\YTDownloader\YTDownloader.exe
- (Goobzo) C:\Program Files (x86)\YTDownloader\Updater.exe
- (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
- ==================== Registry (Whitelisted) ===========================
- (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
- HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
- GroupPolicy: Restriction - Chrome <======= ATTENTION
- CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
- ==================== Internet (Whitelisted) ====================
- (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
- HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 0 <======= ATTENTION (Restriction - ProxySettings)
- ProxyEnable: [HKLM] => Proxy is enabled.
- ProxyEnable: [HKLM-x32] => Proxy is enabled.
- ProxyServer: [HKLM] => http=127.0.0.1:49791;https=127.0.0.1:49791
- ProxyServer: [HKLM-x32] => http=127.0.0.1:49791;https=127.0.0.1:49791
- AutoConfigURL: [HKLM] => http=127.0.0.1:49791;https=127.0.0.1:49791
- Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
- Tcpip\..\Interfaces\{ABED4C91-A600-41AB-9B98-195C2C900925}: [DhcpNameServer] 192.168.1.1
- Internet Explorer:
- ==================
- HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
- HKU\S-1-5-21-1491877336-470492222-3658018201-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
- HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
- HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
- URLSearchHook: HKLM-x32 -> Default = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
- SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
- SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
- SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
- SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
- SearchScopes: HKU\.DEFAULT -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
- SearchScopes: HKU\S-1-5-21-1491877336-470492222-3658018201-1000 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://search.twcc.com/?src=toolbar#web/{searchTerms}/1/
- SearchScopes: HKU\S-1-5-21-1491877336-470492222-3658018201-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
- Toolbar: HKU\S-1-5-21-1491877336-470492222-3658018201-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
- Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
- FireFox:
- ========
- FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default
- FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-09] ()
- FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
- FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
- FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-09] ()
- FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
- FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
- FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-28] (Google Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-28] (Google Inc.)
- FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
- FF Extension: Coupon Marvel - C:\Users\Robert\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\jid1-xGIjYAPvEA9ENA@jetpack.xpi [2014-10-21] [not signed]
- FF Extension: Search Snacks - C:\Program Files (x86)\Mozilla Firefox\extensions\{fc4350fc-3e37-4f1e-8341-5af31e09f020} [2014-12-03] [not signed]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\{515c4efa-8813-4abe-9cd7-95731f5e0a90} [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\idmsq@idmsq.com [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\{037A8456-0903-427E-B5E0-7D95FDD598AE} [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\{607b689f-7600-45e4-b8e5-887f72dab15c} [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\caseyathaniel30@hotmail.com [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\wrigtdamon@yahoo.com [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\{f0ec4af0-5d38-45ef-8d30-6a5f59488023}.xpi [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\e4aa8e99-7176-43d9-9f3f-3c3302d236b6@gmail.com [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\23fb8bb3-ac21-4230-bbfa-49b94968bc63@gmail.com [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\faststartff@gmail.com [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\TidyNetwork@TidyNetwork [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\{9aafbc7e-7f71-475e-8944-dca9aba1ecb6} [not found]
- FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\mppueken.default\extensions\{9aafbc7e-7f71-475e-8944-dca9aba1ecb6} [not found]
- Chrome:
- =======
- CHR dev: Chrome dev build detected! <======= ATTENTION
- CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
- CHR RestoreOnStartup: Default -> "hxxp://search.yahoo.com/?fr=hp-ddc-bd&type=840_pr__alt__ddc_dsssyc_bd_com"
- CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
- CHR DefaultSearchKeyword: Default -> search.ask.com
- CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
- CHR Profile: C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default
- ==================== Services (Whitelisted) ========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [456000 2015-05-06] (Amazon Inc.)
- R2 AntivirusAgentSvc; C:\Program Files (x86)\Cloud PC Defender\AntivirusAgent.exe [34816 2014-06-24] () [File not signed]
- R2 AntivirusUpdateSvc; C:\Program Files (x86)\Cloud PC Defender\AntivirusUpdater.exe [14336 2014-06-24] () [File not signed]
- R2 AntivirusWatcher; C:\Program Files (x86)\Cloud PC Defender\AntivirusWatcher.exe [9216 2014-06-24] () [File not signed]
- S2 BrsHelper; C:\Program Files (x86)\YTDownloader\BrowserHelperSrv.exe [22376 2015-01-08] ()
- R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
- R2 lxdp_device; C:\Windows\system32\lxdpcoms.exe [1039872 2007-11-19] ( )
- S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
- R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
- R2 NinjaLoaderService; C:\Program Files (x86)\Ninja Loader\NinjaMaintainer.exe [52736 2014-12-28] (Ninja Soft Inc.) [File not signed]
- S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
- R2 ProtectedStorageManager; C:\Program Files\ProtectedStorageManager\lsassm.exe [375808 2015-04-14] (Protected Soft.) [File not signed]
- R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2014-05-02] (CYREN Inc.)
- R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2014-05-02] (CYREN Inc.)
- R3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2014-05-02] (CYREN Inc.)
- R2 WCService; C:\ProgramData\WCService\WCService.exe [132608 2014-12-07] () [File not signed]
- S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
- ===================== Drivers (Whitelisted) ==========================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- R2 AMP; C:\Windows\system32\Drivers\amp.sys [174856 2014-05-02] (CYREN Inc.)
- R2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1766152 2014-05-02] (CYREN Inc.)
- S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
- R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2014-04-07] (EldoS Corporation)
- R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
- S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-11] (Malwarebytes)
- S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
- R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
- S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
- R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2015-01-08] (YTDownloader)
- S3 cpuz134; \??\C:\Users\Robert\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
- ==================== NetSvcs (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ==================== One Month Created files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2015-11-13 17:44 - 2015-11-13 17:45 - 00013916 _____ C:\Users\Robert\Desktop\FRST.txt
- 2015-11-13 17:44 - 2015-11-11 17:43 - 02198528 _____ (Farbar) C:\Users\Robert\Desktop\FRST64.exe
- 2015-11-13 17:40 - 2015-11-13 17:40 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
- 2015-11-13 17:40 - 2015-11-13 17:40 - 00000000 ____D C:\Users\TEMP
- 2015-11-13 17:40 - 2015-11-11 18:11 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\iolo
- 2015-11-13 17:40 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
- 2015-11-13 17:40 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
- 2015-11-13 17:39 - 2015-11-13 17:34 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Robert\Desktop\tdsskiller.exe
- 2015-11-11 22:22 - 2015-11-11 20:11 - 02870984 _____ (ESET) C:\Users\Robert\Desktop\esetsmartinstaller_enu.exe
- 2015-11-11 22:21 - 2015-11-11 22:21 - 00000000 ____D C:\Program Files (x86)\ESET
- 2015-11-11 19:41 - 2015-11-11 19:41 - 00001627 _____ C:\Users\Robert\Desktop\malwarebyte.txt
- 2015-11-11 18:59 - 2015-11-11 18:59 - 00000000 ____D C:\Windows\pss
- 2015-11-11 17:50 - 2015-11-11 23:00 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
- 2015-11-11 17:50 - 2015-11-11 18:46 - 00001105 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
- 2015-11-11 17:50 - 2015-11-11 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
- 2015-11-11 17:50 - 2015-11-11 17:50 - 00000000 ____D C:\ProgramData\Malwarebytes
- 2015-11-11 17:50 - 2015-11-11 17:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
- 2015-11-11 17:50 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
- 2015-11-11 17:50 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
- 2015-11-11 17:50 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
- 2015-11-11 17:45 - 2015-11-13 17:45 - 00000000 ____D C:\FRST
- 2015-11-11 17:41 - 2015-11-11 18:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\iolo
- 2015-11-11 17:41 - 2015-11-11 18:11 - 00000000 ____D C:\Users\Default User\AppData\Roaming\iolo
- 2015-11-11 17:34 - 2015-11-11 17:34 - 00000000 ____D C:\Windows\system32\%LocalAppData%
- 2015-11-11 17:19 - 2015-11-11 17:19 - 00000000 ____D C:\Program Files (x86)\GUM9D86.tmp
- 2015-11-11 17:19 - 2015-11-11 17:19 - 00000000 _____ C:\Users\Robert\AppData\Local\{7CD2C8D3-BF8B-41D9-A233-46C0B7545228}
- ==================== One Month Modified files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2015-11-13 17:49 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
- 2015-11-13 17:46 - 2009-07-13 23:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2015-11-13 17:46 - 2009-07-13 23:45 - 00028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2015-11-13 17:37 - 2015-04-07 04:58 - 00001008 _____ C:\Windows\Tasks\1Lpsl7rkbpk08XPM.job
- 2015-11-13 17:37 - 2013-07-02 18:39 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- 2015-11-13 17:37 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
- 2015-11-13 17:37 - 2009-07-13 23:51 - 00061531 _____ C:\Windows\setupact.log
- 2015-11-11 23:53 - 2013-06-28 21:47 - 01182342 _____ C:\Windows\WindowsUpdate.log
- 2015-11-11 23:18 - 2013-07-02 18:39 - 00000000 ____D C:\Program Files\Google
- 2015-11-11 23:18 - 2013-07-02 18:39 - 00000000 ____D C:\Program Files (x86)\Google
- 2015-11-11 23:18 - 2010-11-20 22:47 - 02907698 _____ C:\Windows\PFRO.log
- 2015-11-11 23:15 - 2015-07-09 05:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
- 2015-11-11 23:14 - 2014-12-10 18:36 - 00000000 ____D C:\Program Files (x86)\roadrunnertb
- 2015-11-11 23:10 - 2013-06-29 15:23 - 00000000 ____D C:\Program Files (x86)\Java
- 2015-11-11 23:08 - 2015-02-20 06:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
- 2015-11-11 23:08 - 2013-06-29 15:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
- 2015-11-11 23:06 - 2013-07-02 18:39 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- 2015-11-11 23:05 - 2014-12-07 11:13 - 00000000 __SHD C:\Users\Robert\AppData\Local\EmieUserList
- 2015-11-11 23:05 - 2014-12-07 11:13 - 00000000 __SHD C:\Users\Robert\AppData\Local\EmieSiteList
- 2015-11-11 23:05 - 2014-12-07 11:13 - 00000000 __SHD C:\Users\Robert\AppData\Local\EmieBrowserModeList
- 2015-11-11 23:05 - 2014-11-15 08:23 - 00000000 __SHD C:\Users\Robert\AppData\LocalLow\EmieBrowserModeList
- 2015-11-11 23:05 - 2014-05-20 16:34 - 00000000 __SHD C:\Users\Robert\AppData\LocalLow\EmieUserList
- 2015-11-11 23:05 - 2014-05-19 19:21 - 00000000 __SHD C:\Users\Robert\AppData\LocalLow\EmieSiteList
- 2015-11-11 23:05 - 2013-07-02 18:39 - 00000000 ____D C:\Users\Robert\AppData\Local\Google
- 2015-11-11 23:05 - 2013-07-02 18:39 - 00000000 ____D C:\ProgramData\Google
- 2015-11-11 23:04 - 2014-12-03 06:47 - 00000000 ____D C:\Program Files\COMODO
- 2015-11-11 21:42 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Speech
- 2015-11-11 19:06 - 2013-06-28 16:20 - 00000000 ____D C:\Users\Robert
- 2015-11-11 18:46 - 2015-07-01 06:59 - 00002134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
- 2015-11-11 18:46 - 2014-09-16 04:19 - 00001179 _____ C:\Users\Public\Desktop\HiDef Media Player.lnk
- 2015-11-11 18:46 - 2013-07-10 04:05 - 00000382 _____ C:\Users\Public\Desktop\Complete Installation of Lexmark Z2300 Series.LNK
- 2015-11-11 18:46 - 2013-06-29 15:18 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
- 2015-11-11 18:46 - 2013-06-29 15:18 - 00002022 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
- 2015-11-11 18:46 - 2013-06-29 15:13 - 00000080 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
- 2015-11-11 18:46 - 2013-06-28 21:48 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
- 2015-11-11 18:46 - 2013-06-28 21:48 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
- 2015-11-11 18:46 - 2013-06-28 19:41 - 00002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
- 2015-11-11 18:46 - 2009-07-13 23:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
- 2015-11-11 18:46 - 2009-07-13 23:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
- 2015-11-11 18:46 - 2009-07-13 23:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
- 2015-11-11 18:46 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
- 2015-11-11 18:46 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
- 2015-11-11 18:45 - 2015-01-10 15:05 - 00000000 ____D C:\Program Files (x86)\speed browser
- 2015-11-11 18:45 - 2014-12-03 06:44 - 00000000 ____D C:\ProgramData\Kromtech
- 2015-11-11 18:45 - 2014-10-30 06:02 - 00000000 ____D C:\Program Files (x86)\XTRM Group
- 2015-11-11 18:45 - 2014-08-06 06:07 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Store
- 2015-11-11 18:45 - 2009-07-14 00:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
- 2015-11-11 18:45 - 2009-07-13 23:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
- 2015-11-11 18:44 - 2015-07-09 09:01 - 00000000 ____D C:\Program Files (x86)\Harebrained Major
- 2015-11-11 18:44 - 2015-02-26 05:54 - 00000000 ____D C:\Program Files (x86)\bf6df6f9-a7e9-4aab-a042-b57fe4b10fdb
- 2015-11-11 18:44 - 2015-02-06 06:18 - 00000000 ____D C:\Users\Robert\AppData\Local\af80d166-99c2-4623-8a67-a42238fc5362
- 2015-11-11 18:44 - 2015-02-06 05:45 - 00000000 ____D C:\Program Files (x86)\81ccec0a-ced9-46d6-b2d2-674444106ad5
- 2015-11-11 18:44 - 2015-02-06 05:44 - 00000000 ____D C:\Program Files (x86)\2a15b561-6769-4fac-8cee-f830307686c2
- 2015-11-11 18:44 - 2015-02-01 18:58 - 00000000 ____D C:\ProgramData\e3c7b25600006bfd
- 2015-11-11 18:44 - 2015-02-01 18:04 - 00000000 ____D C:\Program Files (x86)\4f692e28-1758-4406-9a7d-7a464148e5bf
- 2015-11-11 18:44 - 2015-02-01 18:02 - 00000000 ____D C:\ProgramData\9525e814919641298ce6b712c8d229fa
- 2015-11-11 18:44 - 2015-02-01 18:02 - 00000000 ____D C:\ProgramData\{2d281167-4106-0e2c-2d28-81167410459d}
- 2015-11-11 18:44 - 2015-01-13 05:37 - 00000000 ____D C:\ProgramData\Browser
- 2015-11-11 18:44 - 2015-01-09 05:37 - 00000000 ____D C:\Program Files (x86)\globalUpdate
- 2015-11-11 18:44 - 2014-10-27 22:49 - 00000000 ____D C:\ProgramData\7740e5e2-3946-433b-8ea8-e4290a5c4bc8
- 2015-11-11 18:44 - 2014-10-16 06:20 - 00000000 ____D C:\ProgramData\APN
- 2015-11-11 18:44 - 2014-08-20 03:59 - 00000000 ____D C:\Users\Robert\AppData\Local\com
- 2015-11-11 18:44 - 2014-08-06 06:04 - 00000000 ____D C:\Program Files (x86)\Software
- 2015-11-11 18:44 - 2014-08-06 05:57 - 00000000 ____D C:\Users\Robert\AppData\LocalLow\Company
- 2015-11-11 18:44 - 2013-06-29 15:18 - 00000000 ____D C:\Program Files (x86)\Adobe
- 2015-11-11 17:19 - 2015-06-22 00:06 - 00003434 _____ C:\Windows\System32\Tasks\Iflopebe
- 2015-11-11 17:14 - 2015-07-09 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Technologies
- 2015-11-11 17:13 - 2015-07-09 05:09 - 00002856 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
- 2015-11-11 17:13 - 2015-07-09 05:09 - 00002856 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
- 2015-11-11 17:13 - 2015-04-05 00:56 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
- ==================== Files in the root of some directories =======
- 2015-03-31 03:14 - 2015-03-31 03:14 - 0005655 _____ () C:\Users\Robert\AppData\Roaming\1Lpsl7rkbpk08XPM
- 2015-03-02 19:46 - 2015-04-24 04:34 - 0000020 _____ () C:\Users\Robert\AppData\Roaming\appdataFr3.bin
- 2014-03-16 01:26 - 2014-08-20 04:09 - 0001212 _____ () C:\Users\Robert\AppData\Roaming\aps.scan.quick.results
- 2014-03-16 01:29 - 2014-08-20 04:09 - 0002954 _____ () C:\Users\Robert\AppData\Roaming\aps.scan.results
- 2014-03-16 01:26 - 2014-08-20 04:09 - 0000322 _____ () C:\Users\Robert\AppData\Roaming\aps.uninstall.scan.results
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\Robert\AppData\Roaming\CFKQE
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\Robert\AppData\Roaming\DCZGF
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\Robert\AppData\Roaming\DTWOOQ
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\Robert\AppData\Roaming\KRRXKYFY
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\Robert\AppData\Roaming\LKC
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\Robert\AppData\Roaming\LLUMUYCI
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\Robert\AppData\Roaming\MQSKHE
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\Robert\AppData\Roaming\OD
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\Robert\AppData\Roaming\QJJRX
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\Robert\AppData\Roaming\UVOX
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\Robert\AppData\Roaming\VR
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\Robert\AppData\Roaming\WDVFO
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\Robert\AppData\Roaming\WNXEIY
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\Robert\AppData\Roaming\YX
- 2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\Robert\AppData\Roaming\ZSGVJ
- 2014-12-03 17:56 - 2014-12-03 17:56 - 0000064 _____ () C:\Users\Robert\AppData\Local\0bf183407680dbfd8267792e5a3a7ddb
- 2015-04-24 04:44 - 2015-04-24 04:44 - 0000000 _____ () C:\Users\Robert\AppData\Local\{343A8CA3-9AF6-4DA2-865B-7C1A33D1BF03}
- 2015-03-13 05:09 - 2015-03-13 05:09 - 0000000 _____ () C:\Users\Robert\AppData\Local\{641D8126-9ECB-4176-B62C-2C2FB742A8E9}
- 2015-11-11 17:19 - 2015-11-11 17:19 - 0000000 _____ () C:\Users\Robert\AppData\Local\{7CD2C8D3-BF8B-41D9-A233-46C0B7545228}
- 2015-02-03 17:11 - 2015-02-03 17:11 - 0000000 _____ () C:\Users\Robert\AppData\Local\{7F5A4415-468F-4F3D-8690-457DD4A1B4DE}
- 2014-08-10 10:05 - 2014-08-10 10:05 - 0000252 _____ () C:\ProgramData\FastPics.log
- 2014-03-16 11:02 - 2014-03-16 11:02 - 0000000 _____ () C:\ProgramData\spds90.txt
- Some files in TEMP:
- ====================
- C:\Users\Robert\AppData\Local\Temp\DRHelper_uninstallComplete.exe
- ==================== Bamital & volsnap =================
- (There is no automatic fix for files that do not pass verification.)
- C:\Windows\system32\winlogon.exe => File is digitally signed
- C:\Windows\system32\wininit.exe => File is digitally signed
- C:\Windows\SysWOW64\wininit.exe => File is digitally signed
- C:\Windows\explorer.exe => File is digitally signed
- C:\Windows\SysWOW64\explorer.exe => File is digitally signed
- C:\Windows\system32\svchost.exe => File is digitally signed
- C:\Windows\SysWOW64\svchost.exe => File is digitally signed
- C:\Windows\system32\services.exe => File is digitally signed
- C:\Windows\system32\User32.dll => File is digitally signed
- C:\Windows\SysWOW64\User32.dll => File is digitally signed
- C:\Windows\system32\userinit.exe => File is digitally signed
- C:\Windows\SysWOW64\userinit.exe => File is digitally signed
- C:\Windows\system32\rpcss.dll => File is digitally signed
- C:\Windows\system32\dnsapi.dll => File is digitally signed
- C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
- C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
- LastRegBack: 2015-01-27 06:58
- ==================== End of FRST.txt ============================