
Malwarebytes won't run!



Hello and welcome on board, chaoticfeel,

My name is Machiavelli and I will assist you with your problem.

If you booted into safe mode on your computer then print my instructions!

I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

  • Removing Malware is usually very difficult.

    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!

  • Please follow these instructions

    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!

  • Please stay in contact with me until your problem is resolved

    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.

  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware

    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!

  • Read my post completely

    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!


Please don't bump topics.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

 

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8: please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

My Malwarebytes will not run, I have already tried running chameleon, here are my logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Britani (administrator) on HP_LAPTOP on 04-06-2014 14:39:14
Running from C:\Users\Chaotic\Downloads
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\Chaotic\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-25] (Symantec Corporation)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [spotify Web Helper] => C:\Users\Chaotic\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-29] (Spotify Ltd)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-09-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\MountPoints2: {59e9479c-595e-11e3-beb4-6894233bfae8} - "F:\CMADownloader.exe"
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\MountPoints2: {c70be276-860b-11e2-be7a-6894233bfae8} - "F:\CMADownloader.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U160&ocid=U160DHP&dt=080913
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {9D4C0340-0989-4C9C-B2C4-600D554AF3AD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {9D4C0340-0989-4C9C-B2C4-600D554AF3AD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {9D4C0340-0989-4C9C-B2C4-600D554AF3AD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Ant Video Downloader - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\anttoolbar@ant.com [2014-05-14]
FF Extension: HP Detect - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-02-28]
FF Extension: TinEye Reverse Image Search - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\tineye@ideeinc.com.xpi [2013-04-29]
FF Extension: Google Translator for Firefox - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\translator@zoli.bod.xpi [2014-04-29]
FF Extension: Bluhell Firewall - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-05-29]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-01] (Adobe Systems)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-30] (Symantec Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4784312 2013-04-23] (INCA Internet Co., Ltd.)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-30] (Symantec)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-30] (Symantec Corporation)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-08-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-05-24] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2013-10-30] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 14:39 - 2014-06-04 14:39 - 00019490 _____ () C:\Users\Chaotic\Downloads\FRST.txt
2014-06-04 14:39 - 2014-06-04 14:39 - 00000000 ____D () C:\FRST
2014-06-04 14:38 - 2014-06-04 14:38 - 02068992 _____ (Farbar) C:\Users\Chaotic\Downloads\FRST64.exe
2014-06-04 13:17 - 2014-06-04 13:17 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 13:17 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-04 13:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-04 13:14 - 2014-06-04 13:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chaotic\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 01:59 - 2014-06-04 03:26 - 00002186 _____ () C:\Users\Chaotic\Desktop\Rkill.txt
2014-06-04 01:58 - 2014-06-04 01:58 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Chaotic\Downloads\rkill.exe
2014-06-04 01:48 - 2014-06-04 01:48 - 00283984 _____ () C:\Windows\Minidump\060414-22183-01.dmp
2014-06-04 01:10 - 2014-06-04 01:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-04 00:57 - 2014-06-04 00:57 - 04673536 _____ () C:\Users\Chaotic\Downloads\RogueKiller.exe
2014-06-03 21:01 - 2014-06-04 00:19 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForBritani.job
2014-06-02 19:00 - 2014-06-02 19:13 - 00069546 _____ () C:\Windows\SysWOW64\AppLog.log
2014-05-27 19:54 - 2014-05-27 19:54 - 00000000 ____D () C:\Users\Chaotic\Documents\Fax
2014-05-27 18:24 - 2014-05-27 18:24 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Downloaded Installations
2014-05-26 14:59 - 2014-05-26 14:59 - 00000000 ____D () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur
2014-05-26 14:30 - 2014-05-26 14:30 - 00409922 _____ () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur.zip
2014-05-24 12:03 - 2014-05-24 12:03 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-05-22 21:01 - 2014-06-03 21:01 - 00003178 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBritani
2014-05-20 18:16 - 2014-05-20 20:06 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\Magic Set Editor
2014-05-20 18:15 - 2014-05-20 18:15 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Set Editor.lnk
2014-05-20 18:14 - 2014-05-20 18:14 - 00000000 ____D () C:\Program Files (x86)\Magic Set Editor 2
2014-05-20 11:44 - 2014-06-04 01:48 - 572585038 _____ () C:\Windows\MEMORY.DMP
2014-05-20 11:44 - 2014-05-20 11:45 - 00538416 _____ () C:\Windows\Minidump\052014-26020-01.dmp
2014-05-17 22:13 - 2014-05-17 22:14 - 00542112 _____ () C:\Windows\Minidump\051714-25630-01.dmp
2014-05-16 19:49 - 2014-05-01 15:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 19:49 - 2014-05-01 15:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 12:38 - 2014-05-20 18:57 - 00000000 ____D () C:\ProgramData\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-05-15 12:37 - 2012-09-20 04:13 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMIBE.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMIBA.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BIBE.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BIBA.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-05-14 12:12 - 2014-03-28 14:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 12:12 - 2014-03-23 17:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 10:59 - 2014-03-28 03:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 10:59 - 2014-03-28 01:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 02:14 - 2014-04-12 04:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 02:14 - 2014-04-12 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 02:14 - 2014-04-12 04:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 02:14 - 2014-04-12 04:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 02:14 - 2014-04-12 02:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 02:14 - 2014-04-12 02:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 02:14 - 2014-04-12 01:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-14 02:14 - 2014-03-10 22:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 02:14 - 2014-03-10 22:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 02:14 - 2014-03-10 19:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 02:14 - 2014-03-10 19:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 02:14 - 2014-03-10 19:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 02:14 - 2014-03-10 19:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 02:14 - 2014-03-10 19:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 02:14 - 2014-03-09 22:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 02:14 - 2014-03-09 20:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 02:14 - 2014-03-03 18:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-14 02:08 - 2014-03-28 03:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-14 02:03 - 2014-05-06 00:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 02:03 - 2014-05-06 00:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 02:03 - 2014-05-05 22:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 02:03 - 2014-05-05 22:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 02:03 - 2014-05-05 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 02:03 - 2014-05-05 22:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 02:01 - 2014-03-01 04:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-14 02:01 - 2014-03-01 04:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-14 02:01 - 2014-03-01 03:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-14 02:01 - 2014-03-01 01:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-14 02:01 - 2014-02-26 18:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-14 02:01 - 2014-02-14 23:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-10 21:05 - 2014-05-10 21:06 - 00541968 _____ () C:\Windows\Minidump\051014-24835-01.dmp
2014-05-10 11:23 - 2014-05-10 11:24 - 00540288 _____ () C:\Windows\Minidump\051014-32058-01.dmp
2014-05-09 12:52 - 2014-05-09 12:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 16:40 - 2014-04-19 04:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 16:40 - 2014-04-19 03:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 16:40 - 2014-04-19 03:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 16:40 - 2014-04-19 01:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 16:40 - 2014-04-19 01:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-05 15:57 - 2014-05-05 15:57 - 00000000 ____D () C:\ProgramData\GZ

==================== One Month Modified Files and Folders =======

2014-06-04 14:39 - 2014-06-04 14:39 - 00019490 _____ () C:\Users\Chaotic\Downloads\FRST.txt
2014-06-04 14:39 - 2014-06-04 14:39 - 00000000 ____D () C:\FRST
2014-06-04 14:39 - 2013-02-28 12:30 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Temp
2014-06-04 14:38 - 2014-06-04 14:38 - 02068992 _____ (Farbar) C:\Users\Chaotic\Downloads\FRST64.exe
2014-06-04 14:30 - 2014-04-21 21:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 14:11 - 2013-02-28 12:42 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1708918778-1039857295-3247248500-1002
2014-06-04 14:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-04 13:17 - 2014-06-04 13:17 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2013-03-03 02:00 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\CrashDumps
2014-06-04 13:16 - 2014-06-04 13:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chaotic\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 13:08 - 2013-02-28 17:29 - 00000312 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-06-04 13:08 - 2012-09-22 02:00 - 00004524 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-06-04 13:08 - 2012-08-17 00:55 - 00000000 ____D () C:\ProgramData\Temp
2014-06-04 13:08 - 2012-08-10 19:45 - 00000821 _____ () C:\Windows\SysWOW64\bscs.ini
2014-06-04 13:08 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 12:30 - 2012-09-22 02:00 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-06-04 10:56 - 2013-02-28 12:31 - 02078445 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 03:26 - 2014-06-04 01:59 - 00002186 _____ () C:\Users\Chaotic\Desktop\Rkill.txt
2014-06-04 02:10 - 2013-02-28 13:46 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Adobe
2014-06-04 01:58 - 2014-06-04 01:58 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Chaotic\Downloads\rkill.exe
2014-06-04 01:48 - 2014-06-04 01:48 - 00283984 _____ () C:\Windows\Minidump\060414-22183-01.dmp
2014-06-04 01:48 - 2014-05-20 11:44 - 572585038 _____ () C:\Windows\MEMORY.DMP
2014-06-04 01:48 - 2013-03-05 22:13 - 00000000 ____D () C:\Windows\Minidump
2014-06-04 01:10 - 2014-06-04 01:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-04 00:57 - 2014-06-04 00:57 - 04673536 _____ () C:\Users\Chaotic\Downloads\RogueKiller.exe
2014-06-04 00:19 - 2014-06-03 21:01 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForBritani.job
2014-06-04 00:18 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-03 21:01 - 2014-05-22 21:01 - 00003178 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBritani
2014-06-03 21:01 - 2013-02-28 12:30 - 00000000 ____D () C:\Users\Chaotic
2014-06-03 20:17 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-02 19:13 - 2014-06-02 19:00 - 00069546 _____ () C:\Windows\SysWOW64\AppLog.log
2014-06-02 19:13 - 2014-04-09 19:04 - 00000304 _____ () C:\Windows\Tasks\NUSchedule.job
2014-06-02 13:22 - 2013-02-28 16:56 - 00000024 _____ () C:\SROF.ini
2014-05-29 22:27 - 2013-12-16 09:09 - 00000000 ____D () C:\Users\Chaotic\Documents\Compass Stuff
2014-05-27 19:54 - 2014-05-27 19:54 - 00000000 ____D () C:\Users\Chaotic\Documents\Fax
2014-05-27 18:24 - 2014-05-27 18:24 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Downloaded Installations
2014-05-27 18:13 - 2012-07-26 02:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 18:05 - 2012-09-22 02:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-27 18:05 - 2012-09-22 02:15 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass
2014-05-27 18:03 - 2012-09-22 02:14 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-05-26 14:59 - 2014-05-26 14:59 - 00000000 ____D () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur
2014-05-26 14:30 - 2014-05-26 14:30 - 00409922 _____ () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur.zip
2014-05-24 21:53 - 2013-10-27 18:41 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\vlc
2014-05-24 15:18 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-05-24 12:03 - 2014-05-24 12:03 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-05-24 11:53 - 2014-03-19 13:46 - 00447600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-24 11:52 - 2012-08-03 17:23 - 00851770 _____ () C:\Windows\PFRO.log
2014-05-22 06:25 - 2013-02-28 16:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-22 06:25 - 2012-07-26 00:26 - 00000167 _____ () C:\Windows\win.ini
2014-05-22 06:21 - 2013-03-01 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-21 14:17 - 2014-03-29 22:44 - 00000000 ____D () C:\Users\Chaotic\Downloads\Random
2014-05-20 20:06 - 2014-05-20 18:16 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\Magic Set Editor
2014-05-20 18:58 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-20 18:57 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\EPSON
2014-05-20 18:15 - 2014-05-20 18:15 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Set Editor.lnk
2014-05-20 18:14 - 2014-05-20 18:14 - 00000000 ____D () C:\Program Files (x86)\Magic Set Editor 2
2014-05-20 11:45 - 2014-05-20 11:44 - 00538416 _____ () C:\Windows\Minidump\052014-26020-01.dmp
2014-05-17 22:14 - 2014-05-17 22:13 - 00542112 _____ () C:\Windows\Minidump\051714-25630-01.dmp
2014-05-16 19:50 - 2013-02-28 12:35 - 00000000 ___RD () C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 19:50 - 2013-02-28 12:35 - 00000000 ___RD () C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-05-14 23:38 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-14 23:33 - 2013-08-14 17:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:30 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-14 23:29 - 2013-03-01 16:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 22:32 - 2014-04-21 21:35 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-06-04 13:17 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-04 13:17 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-04 13:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 21:06 - 2014-05-10 21:05 - 00541968 _____ () C:\Windows\Minidump\051014-24835-01.dmp
2014-05-10 11:24 - 2014-05-10 11:23 - 00540288 _____ () C:\Windows\Minidump\051014-32058-01.dmp
2014-05-10 11:23 - 2013-02-28 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 17:22 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-09 12:52 - 2014-05-09 12:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 19:30 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-06 00:14 - 2014-05-14 02:03 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-14 02:03 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:48 - 2014-05-14 02:03 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 22:48 - 2014-05-14 02:03 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 22:37 - 2014-05-14 02:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 22:26 - 2014-05-14 02:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 15:57 - 2014-05-05 15:57 - 00000000 ____D () C:\ProgramData\GZ

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 02:14] - [2014-04-12 04:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-04 01:18

==================== End Of Log ============================

Addition.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Britani (administrator) on HP_LAPTOP on 04-06-2014 14:54:03
Running from C:\Users\Chaotic\Downloads
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\Chaotic\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-25] (Symantec Corporation)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [spotify Web Helper] => C:\Users\Chaotic\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-29] (Spotify Ltd)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-09-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\MountPoints2: {59e9479c-595e-11e3-beb4-6894233bfae8} - "F:\CMADownloader.exe"
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\MountPoints2: {c70be276-860b-11e2-be7a-6894233bfae8} - "F:\CMADownloader.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U160&ocid=U160DHP&dt=080913
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {9D4C0340-0989-4C9C-B2C4-600D554AF3AD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {9D4C0340-0989-4C9C-B2C4-600D554AF3AD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {9D4C0340-0989-4C9C-B2C4-600D554AF3AD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Ant Video Downloader - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\anttoolbar@ant.com [2014-05-14]
FF Extension: HP Detect - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-02-28]
FF Extension: TinEye Reverse Image Search - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\tineye@ideeinc.com.xpi [2013-04-29]
FF Extension: Google Translator for Firefox - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\translator@zoli.bod.xpi [2014-04-29]
FF Extension: Bluhell Firewall - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-05-29]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-01] (Adobe Systems)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-30] (Symantec Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4784312 2013-04-23] (INCA Internet Co., Ltd.)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-30] (Symantec)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-30] (Symantec Corporation)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-08-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-05-24] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2013-10-30] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 14:54 - 2014-06-04 14:54 - 00019490 _____ () C:\Users\Chaotic\Downloads\FRST.txt
2014-06-04 14:40 - 2014-06-04 14:43 - 00051507 _____ () C:\Users\Chaotic\Downloads\Addition.txt
2014-06-04 14:39 - 2014-06-04 14:54 - 00000000 ____D () C:\FRST
2014-06-04 14:38 - 2014-06-04 14:38 - 02068992 _____ (Farbar) C:\Users\Chaotic\Downloads\FRST64.exe
2014-06-04 13:17 - 2014-06-04 13:17 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 13:17 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-04 13:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-04 13:14 - 2014-06-04 13:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chaotic\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 01:59 - 2014-06-04 03:26 - 00002186 _____ () C:\Users\Chaotic\Desktop\Rkill.txt
2014-06-04 01:58 - 2014-06-04 01:58 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Chaotic\Downloads\rkill.exe
2014-06-04 01:48 - 2014-06-04 01:48 - 00283984 _____ () C:\Windows\Minidump\060414-22183-01.dmp
2014-06-04 01:10 - 2014-06-04 01:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-04 00:57 - 2014-06-04 00:57 - 04673536 _____ () C:\Users\Chaotic\Downloads\RogueKiller.exe
2014-06-03 21:01 - 2014-06-04 00:19 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForBritani.job
2014-06-02 19:00 - 2014-06-02 19:13 - 00069546 _____ () C:\Windows\SysWOW64\AppLog.log
2014-05-27 19:54 - 2014-05-27 19:54 - 00000000 ____D () C:\Users\Chaotic\Documents\Fax
2014-05-27 18:24 - 2014-05-27 18:24 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Downloaded Installations
2014-05-26 14:59 - 2014-05-26 14:59 - 00000000 ____D () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur
2014-05-26 14:30 - 2014-05-26 14:30 - 00409922 _____ () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur.zip
2014-05-24 12:03 - 2014-05-24 12:03 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-05-22 21:01 - 2014-06-03 21:01 - 00003178 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBritani
2014-05-20 18:16 - 2014-05-20 20:06 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\Magic Set Editor
2014-05-20 18:15 - 2014-05-20 18:15 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Set Editor.lnk
2014-05-20 18:14 - 2014-05-20 18:14 - 00000000 ____D () C:\Program Files (x86)\Magic Set Editor 2
2014-05-20 11:44 - 2014-06-04 01:48 - 572585038 _____ () C:\Windows\MEMORY.DMP
2014-05-20 11:44 - 2014-05-20 11:45 - 00538416 _____ () C:\Windows\Minidump\052014-26020-01.dmp
2014-05-17 22:13 - 2014-05-17 22:14 - 00542112 _____ () C:\Windows\Minidump\051714-25630-01.dmp
2014-05-16 19:49 - 2014-05-01 15:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 19:49 - 2014-05-01 15:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 12:38 - 2014-05-20 18:57 - 00000000 ____D () C:\ProgramData\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-05-15 12:37 - 2012-09-20 04:13 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMIBE.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMIBA.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BIBE.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BIBA.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-05-14 12:12 - 2014-03-28 14:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 12:12 - 2014-03-23 17:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 10:59 - 2014-03-28 03:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 10:59 - 2014-03-28 01:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 02:14 - 2014-04-12 04:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 02:14 - 2014-04-12 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 02:14 - 2014-04-12 04:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 02:14 - 2014-04-12 04:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 02:14 - 2014-04-12 02:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 02:14 - 2014-04-12 02:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 02:14 - 2014-04-12 01:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-14 02:14 - 2014-03-10 22:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 02:14 - 2014-03-10 22:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 02:14 - 2014-03-10 19:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 02:14 - 2014-03-10 19:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 02:14 - 2014-03-10 19:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 02:14 - 2014-03-10 19:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 02:14 - 2014-03-10 19:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 02:14 - 2014-03-09 22:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 02:14 - 2014-03-09 20:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 02:14 - 2014-03-03 18:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-14 02:08 - 2014-03-28 03:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-14 02:03 - 2014-05-06 00:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 02:03 - 2014-05-06 00:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 02:03 - 2014-05-05 22:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 02:03 - 2014-05-05 22:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 02:03 - 2014-05-05 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 02:03 - 2014-05-05 22:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 02:01 - 2014-03-01 04:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-14 02:01 - 2014-03-01 04:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-14 02:01 - 2014-03-01 03:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-14 02:01 - 2014-03-01 01:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-14 02:01 - 2014-02-26 18:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-14 02:01 - 2014-02-14 23:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-10 21:05 - 2014-05-10 21:06 - 00541968 _____ () C:\Windows\Minidump\051014-24835-01.dmp
2014-05-10 11:23 - 2014-05-10 11:24 - 00540288 _____ () C:\Windows\Minidump\051014-32058-01.dmp
2014-05-09 12:52 - 2014-05-09 12:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 16:40 - 2014-04-19 04:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 16:40 - 2014-04-19 03:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 16:40 - 2014-04-19 03:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 16:40 - 2014-04-19 01:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 16:40 - 2014-04-19 01:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-05 15:57 - 2014-05-05 15:57 - 00000000 ____D () C:\ProgramData\GZ

==================== One Month Modified Files and Folders =======

2014-06-04 14:54 - 2014-06-04 14:54 - 00019490 _____ () C:\Users\Chaotic\Downloads\FRST.txt
2014-06-04 14:54 - 2014-06-04 14:39 - 00000000 ____D () C:\FRST
2014-06-04 14:54 - 2013-02-28 12:30 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Temp
2014-06-04 14:43 - 2014-06-04 14:40 - 00051507 _____ () C:\Users\Chaotic\Downloads\Addition.txt
2014-06-04 14:38 - 2014-06-04 14:38 - 02068992 _____ (Farbar) C:\Users\Chaotic\Downloads\FRST64.exe
2014-06-04 14:30 - 2014-04-21 21:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 14:11 - 2013-02-28 12:42 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1708918778-1039857295-3247248500-1002
2014-06-04 14:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-04 13:17 - 2014-06-04 13:17 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2013-03-03 02:00 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\CrashDumps
2014-06-04 13:16 - 2014-06-04 13:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chaotic\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 13:08 - 2013-02-28 17:29 - 00000312 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-06-04 13:08 - 2012-09-22 02:00 - 00004524 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-06-04 13:08 - 2012-08-17 00:55 - 00000000 ____D () C:\ProgramData\Temp
2014-06-04 13:08 - 2012-08-10 19:45 - 00000821 _____ () C:\Windows\SysWOW64\bscs.ini
2014-06-04 13:08 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 12:30 - 2012-09-22 02:00 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-06-04 10:56 - 2013-02-28 12:31 - 02078445 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 03:26 - 2014-06-04 01:59 - 00002186 _____ () C:\Users\Chaotic\Desktop\Rkill.txt
2014-06-04 02:10 - 2013-02-28 13:46 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Adobe
2014-06-04 01:58 - 2014-06-04 01:58 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Chaotic\Downloads\rkill.exe
2014-06-04 01:48 - 2014-06-04 01:48 - 00283984 _____ () C:\Windows\Minidump\060414-22183-01.dmp
2014-06-04 01:48 - 2014-05-20 11:44 - 572585038 _____ () C:\Windows\MEMORY.DMP
2014-06-04 01:48 - 2013-03-05 22:13 - 00000000 ____D () C:\Windows\Minidump
2014-06-04 01:10 - 2014-06-04 01:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-04 00:57 - 2014-06-04 00:57 - 04673536 _____ () C:\Users\Chaotic\Downloads\RogueKiller.exe
2014-06-04 00:19 - 2014-06-03 21:01 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForBritani.job
2014-06-04 00:18 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-03 21:01 - 2014-05-22 21:01 - 00003178 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBritani
2014-06-03 21:01 - 2013-02-28 12:30 - 00000000 ____D () C:\Users\Chaotic
2014-06-03 20:17 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-02 19:13 - 2014-06-02 19:00 - 00069546 _____ () C:\Windows\SysWOW64\AppLog.log
2014-06-02 19:13 - 2014-04-09 19:04 - 00000304 _____ () C:\Windows\Tasks\NUSchedule.job
2014-06-02 13:22 - 2013-02-28 16:56 - 00000024 _____ () C:\SROF.ini
2014-05-29 22:27 - 2013-12-16 09:09 - 00000000 ____D () C:\Users\Chaotic\Documents\Compass Stuff
2014-05-27 19:54 - 2014-05-27 19:54 - 00000000 ____D () C:\Users\Chaotic\Documents\Fax
2014-05-27 18:24 - 2014-05-27 18:24 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Downloaded Installations
2014-05-27 18:13 - 2012-07-26 02:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 18:05 - 2012-09-22 02:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-27 18:05 - 2012-09-22 02:15 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass
2014-05-27 18:03 - 2012-09-22 02:14 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-05-26 14:59 - 2014-05-26 14:59 - 00000000 ____D () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur
2014-05-26 14:30 - 2014-05-26 14:30 - 00409922 _____ () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur.zip
2014-05-24 21:53 - 2013-10-27 18:41 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\vlc
2014-05-24 15:18 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-05-24 12:03 - 2014-05-24 12:03 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-05-24 11:53 - 2014-03-19 13:46 - 00447600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-24 11:52 - 2012-08-03 17:23 - 00851770 _____ () C:\Windows\PFRO.log
2014-05-22 06:25 - 2013-02-28 16:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-22 06:25 - 2012-07-26 00:26 - 00000167 _____ () C:\Windows\win.ini
2014-05-22 06:21 - 2013-03-01 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-21 14:17 - 2014-03-29 22:44 - 00000000 ____D () C:\Users\Chaotic\Downloads\Random
2014-05-20 20:06 - 2014-05-20 18:16 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\Magic Set Editor
2014-05-20 18:58 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-20 18:57 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\EPSON
2014-05-20 18:15 - 2014-05-20 18:15 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Set Editor.lnk
2014-05-20 18:14 - 2014-05-20 18:14 - 00000000 ____D () C:\Program Files (x86)\Magic Set Editor 2
2014-05-20 11:45 - 2014-05-20 11:44 - 00538416 _____ () C:\Windows\Minidump\052014-26020-01.dmp
2014-05-17 22:14 - 2014-05-17 22:13 - 00542112 _____ () C:\Windows\Minidump\051714-25630-01.dmp
2014-05-16 19:50 - 2013-02-28 12:35 - 00000000 ___RD () C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 19:50 - 2013-02-28 12:35 - 00000000 ___RD () C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-05-14 23:38 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-14 23:33 - 2013-08-14 17:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:30 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-14 23:29 - 2013-03-01 16:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 22:32 - 2014-04-21 21:35 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-06-04 13:17 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-04 13:17 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-04 13:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 21:06 - 2014-05-10 21:05 - 00541968 _____ () C:\Windows\Minidump\051014-24835-01.dmp
2014-05-10 11:24 - 2014-05-10 11:23 - 00540288 _____ () C:\Windows\Minidump\051014-32058-01.dmp
2014-05-10 11:23 - 2013-02-28 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 17:22 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-09 12:52 - 2014-05-09 12:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 19:30 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-06 00:14 - 2014-05-14 02:03 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-14 02:03 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:48 - 2014-05-14 02:03 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 22:48 - 2014-05-14 02:03 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 22:37 - 2014-05-14 02:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 22:26 - 2014-05-14 02:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 15:57 - 2014-05-05 15:57 - 00000000 ____D () C:\ProgramData\GZ

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 02:14] - [2014-04-12 04:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-04 01:18

==================== End Of Log ============================

Addition.txt


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Britani (administrator) on HP_LAPTOP on 04-06-2014 14:54:03
Running from C:\Users\Chaotic\Downloads
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\Chaotic\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-25] (Symantec Corporation)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [spotify Web Helper] => C:\Users\Chaotic\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-29] (Spotify Ltd)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-09-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\MountPoints2: {59e9479c-595e-11e3-beb4-6894233bfae8} - "F:\CMADownloader.exe"
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\MountPoints2: {c70be276-860b-11e2-be7a-6894233bfae8} - "F:\CMADownloader.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U160&ocid=U160DHP&dt=080913
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {9D4C0340-0989-4C9C-B2C4-600D554AF3AD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {9D4C0340-0989-4C9C-B2C4-600D554AF3AD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {9D4C0340-0989-4C9C-B2C4-600D554AF3AD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: Ant Video Downloader - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\anttoolbar@ant.com [2014-05-14]
FF Extension: HP Detect - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-02-28]
FF Extension: TinEye Reverse Image Search - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\tineye@ideeinc.com.xpi [2013-04-29]
FF Extension: Google Translator for Firefox - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\translator@zoli.bod.xpi [2014-04-29]
FF Extension: Bluhell Firewall - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-05-29]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-01] (Adobe Systems)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-30] (Symantec Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4784312 2013-04-23] (INCA Internet Co., Ltd.)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-30] (Symantec)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-30] (Symantec Corporation)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-08-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-05-24] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2013-10-30] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 14:54 - 2014-06-04 14:54 - 00019490 _____ () C:\Users\Chaotic\Downloads\FRST.txt
2014-06-04 14:40 - 2014-06-04 14:43 - 00051507 _____ () C:\Users\Chaotic\Downloads\Addition.txt
2014-06-04 14:39 - 2014-06-04 14:54 - 00000000 ____D () C:\FRST
2014-06-04 14:38 - 2014-06-04 14:38 - 02068992 _____ (Farbar) C:\Users\Chaotic\Downloads\FRST64.exe
2014-06-04 13:17 - 2014-06-04 13:17 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 13:17 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-04 13:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-04 13:14 - 2014-06-04 13:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chaotic\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 01:59 - 2014-06-04 03:26 - 00002186 _____ () C:\Users\Chaotic\Desktop\Rkill.txt
2014-06-04 01:58 - 2014-06-04 01:58 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Chaotic\Downloads\rkill.exe
2014-06-04 01:48 - 2014-06-04 01:48 - 00283984 _____ () C:\Windows\Minidump\060414-22183-01.dmp
2014-06-04 01:10 - 2014-06-04 01:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-04 00:57 - 2014-06-04 00:57 - 04673536 _____ () C:\Users\Chaotic\Downloads\RogueKiller.exe
2014-06-03 21:01 - 2014-06-04 00:19 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForBritani.job
2014-06-02 19:00 - 2014-06-02 19:13 - 00069546 _____ () C:\Windows\SysWOW64\AppLog.log
2014-05-27 19:54 - 2014-05-27 19:54 - 00000000 ____D () C:\Users\Chaotic\Documents\Fax
2014-05-27 18:24 - 2014-05-27 18:24 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Downloaded Installations
2014-05-26 14:59 - 2014-05-26 14:59 - 00000000 ____D () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur
2014-05-26 14:30 - 2014-05-26 14:30 - 00409922 _____ () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur.zip
2014-05-24 12:03 - 2014-05-24 12:03 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-05-22 21:01 - 2014-06-03 21:01 - 00003178 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBritani
2014-05-20 18:16 - 2014-05-20 20:06 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\Magic Set Editor
2014-05-20 18:15 - 2014-05-20 18:15 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicSet Editor.lnk
2014-05-20 18:14 - 2014-05-20 18:14 - 00000000 ____D () C:\Program Files (x86)\Magic Set Editor 2
2014-05-20 11:44 - 2014-06-04 01:48 - 572585038 _____ () C:\Windows\MEMORY.DMP
2014-05-20 11:44 - 2014-05-20 11:45 - 00538416 _____ () C:\Windows\Minidump\052014-26020-01.dmp
2014-05-17 22:13 - 2014-05-17 22:14 - 00542112 _____ () C:\Windows\Minidump\051714-25630-01.dmp
2014-05-16 19:49 - 2014-05-01 15:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 19:49 - 2014-05-01 15:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 12:38 - 2014-05-20 18:57 - 00000000 ____D () C:\ProgramData\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-05-15 12:37 - 2012-09-20 04:13 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMIBE.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMIBA.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BIBE.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BIBA.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-05-14 12:12 - 2014-03-28 14:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 12:12 - 2014-03-23 17:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 10:59 - 2014-03-28 03:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 10:59 - 2014-03-28 01:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 02:14 - 2014-04-12 04:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 02:14 - 2014-04-12 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 02:14 - 2014-04-12 04:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 02:14 - 2014-04-12 04:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 02:14 - 2014-04-12 02:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 02:14 - 2014-04-12 02:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 02:14 - 2014-04-12 01:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-14 02:14 - 2014-03-10 22:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 02:14 - 2014-03-10 22:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 02:14 - 2014-03-10 19:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 02:14 - 2014-03-10 19:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 02:14 - 2014-03-10 19:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 02:14 - 2014-03-10 19:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 02:14 - 2014-03-10 19:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 02:14 - 2014-03-09 22:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 02:14 - 2014-03-09 20:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 02:14 - 2014-03-03 18:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-14 02:08 - 2014-03-28 03:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-14 02:03 - 2014-05-06 00:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 02:03 - 2014-05-06 00:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 02:03 - 2014-05-05 22:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 02:03 - 2014-05-05 22:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 02:03 - 2014-05-05 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 02:03 - 2014-05-05 22:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 02:01 - 2014-03-01 04:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-14 02:01 - 2014-03-01 04:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-14 02:01 - 2014-03-01 03:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-14 02:01 - 2014-03-01 01:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-14 02:01 - 2014-02-26 18:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-14 02:01 - 2014-02-14 23:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-10 21:05 - 2014-05-10 21:06 - 00541968 _____ () C:\Windows\Minidump\051014-24835-01.dmp
2014-05-10 11:23 - 2014-05-10 11:24 - 00540288 _____ () C:\Windows\Minidump\051014-32058-01.dmp
2014-05-09 12:52 - 2014-05-09 12:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 16:40 - 2014-04-19 04:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 16:40 - 2014-04-19 03:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 16:40 - 2014-04-19 03:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 16:40 - 2014-04-19 01:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 16:40 - 2014-04-19 01:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-05 15:57 - 2014-05-05 15:57 - 00000000 ____D () C:\ProgramData\GZ

==================== One Month Modified Files and Folders =======

2014-06-04 14:54 - 2014-06-04 14:54 - 00019490 _____ () C:\Users\Chaotic\Downloads\FRST.txt
2014-06-04 14:54 - 2014-06-04 14:39 - 00000000 ____D () C:\FRST
2014-06-04 14:54 - 2013-02-28 12:30 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Temp
2014-06-04 14:43 - 2014-06-04 14:40 - 00051507 _____ () C:\Users\Chaotic\Downloads\Addition.txt
2014-06-04 14:38 - 2014-06-04 14:38 - 02068992 _____ (Farbar) C:\Users\Chaotic\Downloads\FRST64.exe
2014-06-04 14:30 - 2014-04-21 21:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 14:11 - 2013-02-28 12:42 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu CacheFiles-S-1-5-21-1708918778-1039857295-3247248500-1002
2014-06-04 14:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-04 13:17 - 2014-06-04 13:17 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2013-03-03 02:00 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\CrashDumps
2014-06-04 13:16 - 2014-06-04 13:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chaotic\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 13:08 - 2013-02-28 17:29 - 00000312 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-06-04 13:08 - 2012-09-22 02:00 - 00004524 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-06-04 13:08 - 2012-08-17 00:55 - 00000000 ____D () C:\ProgramData\Temp
2014-06-04 13:08 - 2012-08-10 19:45 - 00000821 _____ () C:\Windows\SysWOW64\bscs.ini
2014-06-04 13:08 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 12:30 - 2012-09-22 02:00 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-06-04 10:56 - 2013-02-28 12:31 - 02078445 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 03:26 - 2014-06-04 01:59 - 00002186 _____ () C:\Users\Chaotic\Desktop\Rkill.txt
2014-06-04 02:10 - 2013-02-28 13:46 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Adobe
2014-06-04 01:58 - 2014-06-04 01:58 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Chaotic\Downloads\rkill.exe
2014-06-04 01:48 - 2014-06-04 01:48 - 00283984 _____ () C:\Windows\Minidump\060414-22183-01.dmp
2014-06-04 01:48 - 2014-05-20 11:44 - 572585038 _____ () C:\Windows\MEMORY.DMP
2014-06-04 01:48 - 2013-03-05 22:13 - 00000000 ____D () C:\Windows\Minidump
2014-06-04 01:10 - 2014-06-04 01:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-04 00:57 - 2014-06-04 00:57 - 04673536 _____ () C:\Users\Chaotic\Downloads\RogueKiller.exe
2014-06-04 00:19 - 2014-06-03 21:01 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForBritani.job
2014-06-04 00:18 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-03 21:01 - 2014-05-22 21:01 - 00003178 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBritani
2014-06-03 21:01 - 2013-02-28 12:30 - 00000000 ____D () C:\Users\Chaotic
2014-06-03 20:17 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-02 19:13 - 2014-06-02 19:00 - 00069546 _____ () C:\Windows\SysWOW64\AppLog.log
2014-06-02 19:13 - 2014-04-09 19:04 - 00000304 _____ () C:\Windows\Tasks\NUSchedule.job
2014-06-02 13:22 - 2013-02-28 16:56 - 00000024 _____ () C:\SROF.ini
2014-05-29 22:27 - 2013-12-16 09:09 - 00000000 ____D () C:\Users\Chaotic\Documents\Compass Stuff
2014-05-27 19:54 - 2014-05-27 19:54 - 00000000 ____D () C:\Users\Chaotic\Documents\Fax
2014-05-27 18:24 - 2014-05-27 18:24 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Downloaded Installations
2014-05-27 18:13 - 2012-07-26 02:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 18:05 - 2012-09-22 02:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-27 18:05 - 2012-09-22 02:15 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass
2014-05-27 18:03 - 2012-09-22 02:14 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-05-26 14:59 - 2014-05-26 14:59 - 00000000 ____D () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur
2014-05-26 14:30 - 2014-05-26 14:30 - 00409922 _____ () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur.zip
2014-05-24 21:53 - 2013-10-27 18:41 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\vlc
2014-05-24 15:18 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-05-24 12:03 - 2014-05-24 12:03 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-05-24 11:53 - 2014-03-19 13:46 - 00447600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-24 11:52 - 2012-08-03 17:23 - 00851770 _____ () C:\Windows\PFRO.log
2014-05-22 06:25 - 2013-02-28 16:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-22 06:25 - 2012-07-26 00:26 - 00000167 _____ () C:\Windows\win.ini
2014-05-22 06:21 - 2013-03-01 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-21 14:17 - 2014-03-29 22:44 - 00000000 ____D () C:\Users\Chaotic\Downloads\Random
2014-05-20 20:06 - 2014-05-20 18:16 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\Magic Set Editor
2014-05-20 18:58 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-20 18:57 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\EPSON
2014-05-20 18:15 - 2014-05-20 18:15 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicSet Editor.lnk
2014-05-20 18:14 - 2014-05-20 18:14 - 00000000 ____D () C:\Program Files (x86)\Magic Set Editor 2
2014-05-20 11:45 - 2014-05-20 11:44 - 00538416 _____ () C:\Windows\Minidump\052014-26020-01.dmp
2014-05-17 22:14 - 2014-05-17 22:13 - 00542112 _____ () C:\Windows\Minidump\051714-25630-01.dmp
2014-05-16 19:50 - 2013-02-28 12:35 - 00000000 ___RD () C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 19:50 - 2013-02-28 12:35 - 00000000 ___RD () C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-05-14 23:38 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-14 23:33 - 2013-08-14 17:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:30 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-14 23:29 - 2013-03-01 16:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 22:32 - 2014-04-21 21:35 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-06-04 13:17 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-04 13:17 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-04 13:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 21:06 - 2014-05-10 21:05 - 00541968 _____ () C:\Windows\Minidump\051014-24835-01.dmp
2014-05-10 11:24 - 2014-05-10 11:23 - 00540288 _____ () C:\Windows\Minidump\051014-32058-01.dmp
2014-05-10 11:23 - 2013-02-28 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 17:22 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-09 12:52 - 2014-05-09 12:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 19:30 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-06 00:14 - 2014-05-14 02:03 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-14 02:03 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 22:48 - 2014-05-14 02:03 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-05 22:48 - 2014-05-14 02:03 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 22:37 - 2014-05-14 02:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-05 22:26 - 2014-05-14 02:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-05 15:57 - 2014-05-05 15:57 - 00000000 ____D () C:\ProgramData\GZ

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 02:14] - [2014-04-12 04:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-04 01:18

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Britani at 2014-06-04 14:54:44
Running from C:\Users\Chaotic\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Dreamweaver CS6 (HKLM-x32\...\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}) (Version: 12 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Professional CS6 (HKLM-x32\...\{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Command & Conquer Tiberian Sun (HKLM-x32\...\{52F25D7D-DEE1-42E7-AB48-D0F014E1F795}_is1) (Version:  - Command & Conquer Communications Center)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{81AD22B9-C28A-45a3-94B3-5FECD221AD5C}) (Version: 3.10.7525.4 - Sony Computer Entertainment Inc.)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{341FFD7F-3127-466D-88F7-CE4DE78A48F1}) (Version:  - Microsoft)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version:  - SEIKO EPSON Corporation)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
FileZilla Client 3.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.1 - FileZilla Project)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Horizon v2.7.6.2 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.6.2 - Daring Development Inc.)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{F244D07D-1876-4CDD-914D-214E15A8D327}) (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 37) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{0D3A6808-82B8-4BB1-BE5A-AED75B3F6C02}) (Version: 2.20.11 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{92524C67-A99D-44C6-8995-04F5E76486AF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Product Detection (HKLM-x32\...\{AF5D2519-C6B4-4AFD-9A8D-FBF74DD4F0A0}) (Version: 11.15.0004 - HP)
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
InfiniteCrisis_410193F41CAE (HKLM-x32\...\InfiniteCrisis_410193F41CAE) (Version:  - Turbine, Inc)
Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
LabelPrint (x32 Version: 2.50.0000 - CyberLink Corp.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Set Editor 2.0.0 (HKLM-x32\...\Magic Set Editor 2_is1) (Version:  - )
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (x32 Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyDriveConnect 3.3.0.1318 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1318 - TomTom)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Utilities 16 (HKLM-x32\...\Norton Utilities 16_is1) (Version: 16.0 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
Poker Night at the Inventory (HKLM-x32\...\Steam App 31280) (Version:  - Telltale Games)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}) (Version: 9.0.715.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.29025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{830E5E0C-B48A-4FBE-83BE-28418740DED5}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{AC57CF13-C24E-4C00-969F-5394DAE589C5}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{A10C00F8-0A83-4A74-86C5-3D0F9879E101}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{A10C00F8-0A83-4A74-86C5-3D0F9879E101}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A10C00F8-0A83-4A74-86C5-3D0F9879E101}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827272) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{5A645CF3-3C40-4172-BCEB-19E3FC855266}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863825) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{96754DD8-5AF9-4CF8-A5A9-19770CD9AFBC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863844) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{8AEAF88E-A488-4C1E-B10D-F00143BA650F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{7655E7AA-268C-4F74-AC05-8D56F75C664A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{7655E7AA-268C-4F74-AC05-8D56F75C664A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{7655E7AA-268C-4F74-AC05-8D56F75C664A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7655E7AA-268C-4F74-AC05-8D56F75C664A}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{DF36A224-4C72-4FF4-9961-CD4873DDAE6C}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2878315) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{47A62B15-D0BF-4A2E-BCE2-939DB491D387}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2878315) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{47A62B15-D0BF-4A2E-BCE2-939DB491D387}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{BCF1F149-B9D9-49D9-B829-FCDA37F7FF0C}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{CD8B07B1-FB42-407D-A16A-BDFD7DE6B0BF}) (Version: 4.4.232.0 - Validity Sensors, Inc.)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
XAMPP 1.8.1 (HKLM-x32\...\xampp) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

14-05-2014 18:27:22 Windows Update
21-05-2014 21:22:52 Scheduled Checkpoint
29-05-2014 05:16:27 Scheduled Checkpoint
04-06-2014 06:37:58 mwbts

==================== Hosts content: ==========================

2012-07-26 00:26 - 2013-04-24 11:37 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {046298FD-A4FA-4541-9138-9FA484B7EA46} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {0B4B6CF6-BF43-4E52-B81B-C088C8023352} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe [2014-01-25] (Symantec)
Task: {16B16131-5EAD-4902-BE9B-F1684CFEF275} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {21D1B4E6-7EA5-4F28-8B15-EE1E40BD3041} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {5B35B555-97CB-4E52-9EFE-4939912225BA} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {5E0A46A6-B1C3-4EF4-8C82-D02FF5867C00} - System32\Tasks\NUAutoUpdate => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe [2013-10-30] (Symantec)
Task: {6260955F-E082-42A8-B040-E1F52E3C8A44} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {6800C740-9CC1-4EF2-AD82-13810DABB299} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {80037AC7-C633-40AB-86FD-F53263EEE3A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {8A280714-91C9-440D-8F12-3E8F8595E9D9} - System32\Tasks\{92254D94-D7F0-4178-B8CE-987691A2E2D4} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsPlugin
Task: {8BEBF763-C54C-438A-ADBF-8A047F1BACF5} - System32\Tasks\{AF1450B0-E7A9-4AB7-813A-9ABCB100032F} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1603
Task: {A23B7652-F080-4813-9090-8EED04E4A176} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A78785B4-04B6-4502-803C-4715570534AE} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-chaoticfeel@live.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {C5CD407D-EBA5-4AB9-9E5E-2D79E91D9360} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-08-19] (Hewlett-Packard Development Company, L.P.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C85E2666-0873-4328-AFE9-F0CDBBBB9279} - System32\Tasks\HPCeeScheduleForBritani => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {CECB74A5-9599-4402-A837-9910C8212AB0} - System32\Tasks\{ECE9A074-2CA4-4E73-9843-2FB75FD76853} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1603
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F3D3E41A-A9E5-4FFC-B146-16DDD54D938A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {FBCEE21E-E825-4118-8B05-E02264D35741} - System32\Tasks\{BFBB8F3D-7630-4494-88E1-3A22A88C7C87} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1603
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBritani.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\NUAutoUpdate.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\SULauncher.exe
Task: C:\Windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Symantec\Norton Utilities 16\nu.exe

==================== Loaded Modules (whitelisted) =============

2014-04-29 18:08 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-04-29 18:08 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2012-08-08 12:36 - 2012-08-08 12:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-04-08 14:18 - 2014-04-08 14:18 - 08889512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-18 14:52 - 2012-08-18 14:52 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2012-08-10 03:36 - 2012-08-10 03:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2012-08-08 12:36 - 2012-08-08 12:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-08 12:22 - 2012-08-08 12:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-08-10 03:36 - 2012-08-10 03:36 - 00018792 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2012-09-22 02:12 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-05-09 12:52 - 2014-05-09 12:52 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-08 14:18 - 2014-04-08 14:18 - 08889512 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:792D4CF1
AlternateDataStreams: C:\Users\Chaotic\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Chaotic\Downloads\mbam-setup-2.0.2.1012.exe:BDU
AlternateDataStreams: C:\Users\Chaotic\Downloads\rkill.exe:BDU
AlternateDataStreams: C:\Users\Chaotic\Downloads\RogueKiller.exe:BDU

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Users^Chaotic^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnkStartup

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2014 01:17:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1648
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (06/04/2014 01:17:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x17bc
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (06/04/2014 01:17:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x6d4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (06/04/2014 01:11:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x15c0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (06/04/2014 01:09:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363
Exception code: 0x40000015
Fault offset: 0x0007da8a
Faulting process id: 0x5e4
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
Faulting package full name: mbamservice.exe4
Faulting package-relative application ID: mbamservice.exe5

Error: (06/04/2014 01:08:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BlueSoleilCS.exe, version: 9.0.709.0, time stamp: 0x5019fa79
Faulting module name: tl_filter.dll_unloaded, version: 0.0.0.0, time stamp: 0x50247825
Exception code: 0xc0000094
Fault offset: 0x1000d53d
Faulting process id: 0x834
Faulting application start time: 0xBlueSoleilCS.exe0
Faulting application path: BlueSoleilCS.exe1
Faulting module path: BlueSoleilCS.exe2
Report Id: BlueSoleilCS.exe3
Faulting package full name: BlueSoleilCS.exe4
Faulting package-relative application ID: BlueSoleilCS.exe5

Error: (06/04/2014 01:08:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamscheduler.exe, version: 3.0.2.0, time stamp: 0x5339cec3
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xab8
Faulting application start time: 0xmbamscheduler.exe0
Faulting application path: mbamscheduler.exe1
Faulting module path: mbamscheduler.exe2
Report Id: mbamscheduler.exe3
Faulting package full name: mbamscheduler.exe4
Faulting package-relative application ID: mbamscheduler.exe5

Error: (06/04/2014 01:04:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1b20
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (06/04/2014 00:08:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1654

Error: (06/04/2014 00:08:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1654


System errors:
=============
Error: (06/04/2014 01:09:02 PM) (Source: DCOM) (EventID: 10016) (User: HP_Laptop)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HP_LaptopBritaniS-1-5-21-1708918778-1039857295-3247248500-1002LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/04/2014 01:09:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/04/2014 01:09:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueSoleilCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/04/2014 01:08:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (06/04/2014 01:08:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.

Error: (06/04/2014 01:59:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Validity WBF Policy Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/04/2014 01:50:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/04/2014 01:50:15 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BlueSoleilCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/04/2014 01:49:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
%%1053

Error: (06/04/2014 01:49:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.


Microsoft Office Sessions:
=========================
Error: (06/04/2014 01:17:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd164801cf802148ba4a29C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll86882858-ec14-11e3-beed-6894233bfae8

Error: (06/04/2014 01:17:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd17bc01cf80213f42f5abC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll7d0e7294-ec14-11e3-beed-6894233bfae8

Error: (06/04/2014 01:17:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd6d401cf802132f99e47C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll70f4b77f-ec14-11e3-beed-6894233bfae8

Error: (06/04/2014 01:11:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd15c001cf80206b070dd7C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dlla8ffc635-ec13-11e3-beed-6894233bfae8

Error: (06/04/2014 01:09:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a5e401cf8020069bbd50C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe4d6c3856-ec13-11e3-beed-6894233bfae8

Error: (06/04/2014 01:08:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BlueSoleilCS.exe9.0.709.05019fa79tl_filter.dll_unloaded0.0.0.050247825c00000941000d53d83401cf801ff8e70794C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exetl_filter.dll42b86020-ec13-11e3-beed-6894233bfae8

Error: (06/04/2014 01:08:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamscheduler.exe3.0.2.05339cec3MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fdab801cf801ffa5a6050C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll429249f7-ec13-11e3-beed-6894233bfae8

Error: (06/04/2014 01:04:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532MSVCR100.dll10.0.40219.3254df2be1e400000150008d6fd1b2001cf801f6cfddaf9C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dllab3719c2-ec12-11e3-beec-6894233bfae8

Error: (06/04/2014 00:08:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1654

Error: (06/04/2014 00:08:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1654


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 3548.26 MB
Available physical RAM: 2187.39 MB
Total Pagefile: 7132.26 MB
Available Pagefile: 5361.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:568.35 GB) (Free:414.29 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.71 GB) (Free:3.11 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: A50E1C7D)

Partition: GPT Partition Type.

==================== End Of Log ============================


Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3: FRST Scan

  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

# AdwCleaner v3.211 - Report created 05/06/2014 at 09:39:36
# Updated 26/05/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Britani - HP_LAPTOP
# Running from : C:\Users\Chaotic\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\anttoolbar@ant.com
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\AppDataLow\Software

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\prefs.js ]


[ File : C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\prefs.js ]


[ File : C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\prefs.js ]


[ File : C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\prefs.js ]


[ File : C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\prefs.js ]


[ File : C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\prefs.js ]


[ File : C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\prefs.js ]


[ File : C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\prefs.js ]


[ File : C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\prefs.js ]


[ File : C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\prefs.js ]


[ File : C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\prefs.js ]


[ File : C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4283 octets] - [05/06/2014 09:38:22]
AdwCleaner[s0].txt - [2657 octets] - [05/06/2014 09:39:36]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2717 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Britani on Thu 06/05/2014 at  9:45:44.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9D4C0340-0989-4C9C-B2C4-600D554AF3AD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9D4C0340-0989-4C9C-B2C4-600D554AF3AD}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Empty Folder] C:\Users\Chaotic\appdata\local\{002EDFE1-4274-4509-AEB9-8F0D77236E23}
Successfully deleted: [Empty Folder] C:\Users\Chaotic\appdata\local\{31B3F74E-9A4F-44DD-9028-A8DB9BDA4CB2}
Successfully deleted: [Empty Folder] C:\Users\Chaotic\appdata\local\{498037B6-A247-4724-B2B9-A4834EF2FF2F}
Successfully deleted: [Empty Folder] C:\Users\Chaotic\appdata\local\{50D54179-3794-462B-8FA2-96E78A50AE8A}
Successfully deleted: [Empty Folder] C:\Users\Chaotic\appdata\local\{82388657-7566-424E-876B-761D23D85F7A}
Successfully deleted: [Empty Folder] C:\Users\Chaotic\appdata\local\{CD7F9DCE-05A7-4DB9-A921-71E4C0CCD1FC}



~~~ FireFox

Emptied folder: C:\Users\Chaotic\AppData\Roaming\mozilla\firefox\profiles\aoo0a9q2.default\minidumps [117 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/05/2014 at 10:01:21.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Britani (administrator) on HP_LAPTOP on 05-06-2014 10:03:49
Running from C:\Users\Chaotic\Downloads
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\Chaotic\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIBE.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-25] (Symantec Corporation)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [spotify Web Helper] => C:\Users\Chaotic\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-29] (Spotify Ltd)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-09-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\MountPoints2: {59e9479c-595e-11e3-beb4-6894233bfae8} - "F:\CMADownloader.exe"
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\MountPoints2: {c70be276-860b-11e2-be7a-6894233bfae8} - "F:\CMADownloader.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U160&ocid=U160DHP&dt=080913
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {9D4C0340-0989-4C9C-B2C4-600D554AF3AD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: HP Detect - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-02-28]
FF Extension: TinEye Reverse Image Search - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\tineye@ideeinc.com.xpi [2013-04-29]
FF Extension: Google Translator for Firefox - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\translator@zoli.bod.xpi [2014-04-29]
FF Extension: Bluhell Firewall - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-05-29]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-01] (Adobe Systems)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-30] (Symantec Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4784312 2013-04-23] (INCA Internet Co., Ltd.)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-30] (Symantec)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-30] (Symantec Corporation)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-08-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-05-24] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2013-10-30] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 10:03 - 2014-06-05 10:03 - 00017810 _____ () C:\Users\Chaotic\Downloads\FRST.txt
2014-06-05 10:01 - 2014-06-05 10:01 - 00001768 _____ () C:\Users\Chaotic\Desktop\JRT.txt
2014-06-05 09:45 - 2014-06-05 09:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 09:44 - 2014-06-05 09:44 - 01016261 _____ (Thisisu) C:\Users\Chaotic\Downloads\JRT.exe
2014-06-05 09:37 - 2014-06-05 09:39 - 00000000 ____D () C:\AdwCleaner
2014-06-05 09:37 - 2014-06-05 09:37 - 01327971 _____ () C:\Users\Chaotic\Downloads\AdwCleaner.exe
2014-06-04 14:39 - 2014-06-05 10:03 - 00000000 ____D () C:\FRST
2014-06-04 14:38 - 2014-06-04 14:38 - 02068992 _____ (Farbar) C:\Users\Chaotic\Downloads\FRST64.exe
2014-06-04 13:17 - 2014-06-04 13:17 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 13:17 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-04 13:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-04 13:14 - 2014-06-04 13:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chaotic\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 01:59 - 2014-06-04 03:26 - 00002186 _____ () C:\Users\Chaotic\Desktop\Rkill.txt
2014-06-04 01:58 - 2014-06-04 01:58 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Chaotic\Downloads\rkill.exe
2014-06-04 01:48 - 2014-06-04 01:48 - 00283984 _____ () C:\Windows\Minidump\060414-22183-01.dmp
2014-06-04 01:10 - 2014-06-04 01:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-04 00:57 - 2014-06-04 00:57 - 04673536 _____ () C:\Users\Chaotic\Downloads\RogueKiller.exe
2014-06-03 21:01 - 2014-06-04 00:19 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForBritani.job
2014-06-02 19:00 - 2014-06-02 19:13 - 00069546 _____ () C:\Windows\SysWOW64\AppLog.log
2014-05-27 19:54 - 2014-05-27 19:54 - 00000000 ____D () C:\Users\Chaotic\Documents\Fax
2014-05-27 18:24 - 2014-05-27 18:24 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Downloaded Installations
2014-05-26 14:59 - 2014-05-26 14:59 - 00000000 ____D () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur
2014-05-26 14:30 - 2014-05-26 14:30 - 00409922 _____ () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur.zip
2014-05-24 12:03 - 2014-05-24 12:03 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-05-22 21:01 - 2014-06-03 21:01 - 00003178 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBritani
2014-05-20 18:16 - 2014-05-20 20:06 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\Magic Set Editor
2014-05-20 18:15 - 2014-05-20 18:15 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Set Editor.lnk
2014-05-20 18:14 - 2014-05-20 18:14 - 00000000 ____D () C:\Program Files (x86)\Magic Set Editor 2
2014-05-20 11:44 - 2014-06-04 01:48 - 572585038 _____ () C:\Windows\MEMORY.DMP
2014-05-20 11:44 - 2014-05-20 11:45 - 00538416 _____ () C:\Windows\Minidump\052014-26020-01.dmp
2014-05-17 22:13 - 2014-05-17 22:14 - 00542112 _____ () C:\Windows\Minidump\051714-25630-01.dmp
2014-05-16 19:49 - 2014-05-01 15:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 19:49 - 2014-05-01 15:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 12:38 - 2014-05-20 18:57 - 00000000 ____D () C:\ProgramData\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-05-15 12:37 - 2012-09-20 04:13 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMIBE.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMIBA.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BIBE.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BIBA.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-05-14 12:12 - 2014-03-28 14:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 12:12 - 2014-03-23 17:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 10:59 - 2014-03-28 03:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 10:59 - 2014-03-28 01:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 02:14 - 2014-04-12 04:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 02:14 - 2014-04-12 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 02:14 - 2014-04-12 04:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 02:14 - 2014-04-12 04:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 02:14 - 2014-04-12 02:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 02:14 - 2014-04-12 02:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 02:14 - 2014-04-12 01:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-14 02:14 - 2014-03-10 22:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 02:14 - 2014-03-10 22:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 02:14 - 2014-03-10 19:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 02:14 - 2014-03-10 19:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 02:14 - 2014-03-10 19:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 02:14 - 2014-03-10 19:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 02:14 - 2014-03-10 19:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 02:14 - 2014-03-09 22:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 02:14 - 2014-03-09 20:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 02:14 - 2014-03-03 18:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-14 02:08 - 2014-03-28 03:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-14 02:03 - 2014-05-06 00:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 02:03 - 2014-05-06 00:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 02:03 - 2014-05-05 22:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 02:03 - 2014-05-05 22:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 02:03 - 2014-05-05 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 02:03 - 2014-05-05 22:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 02:01 - 2014-03-01 04:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-14 02:01 - 2014-03-01 04:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-14 02:01 - 2014-03-01 03:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-14 02:01 - 2014-03-01 01:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-14 02:01 - 2014-02-26 18:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-14 02:01 - 2014-02-14 23:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-10 21:05 - 2014-05-10 21:06 - 00541968 _____ () C:\Windows\Minidump\051014-24835-01.dmp
2014-05-10 11:23 - 2014-05-10 11:24 - 00540288 _____ () C:\Windows\Minidump\051014-32058-01.dmp
2014-05-09 12:52 - 2014-05-09 12:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 16:40 - 2014-04-19 04:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 16:40 - 2014-04-19 03:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 16:40 - 2014-04-19 03:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 16:40 - 2014-04-19 01:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 16:40 - 2014-04-19 01:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

==================== One Month Modified Files and Folders =======

2014-06-05 10:03 - 2014-06-05 10:03 - 00017810 _____ () C:\Users\Chaotic\Downloads\FRST.txt
2014-06-05 10:03 - 2014-06-04 14:39 - 00000000 ____D () C:\FRST
2014-06-05 10:03 - 2013-02-28 12:30 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Temp
2014-06-05 10:01 - 2014-06-05 10:01 - 00001768 _____ () C:\Users\Chaotic\Desktop\JRT.txt
2014-06-05 10:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-05 09:53 - 2013-02-28 12:42 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1708918778-1039857295-3247248500-1002
2014-06-05 09:45 - 2014-06-05 09:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 09:45 - 2012-08-10 19:45 - 00000821 _____ () C:\Windows\SysWOW64\bscs.ini
2014-06-05 09:44 - 2014-06-05 09:44 - 01016261 _____ (Thisisu) C:\Users\Chaotic\Downloads\JRT.exe
2014-06-05 09:43 - 2013-03-03 02:00 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\CrashDumps
2014-06-05 09:42 - 2013-02-28 17:29 - 00000312 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-06-05 09:42 - 2012-08-17 00:55 - 00000000 ____D () C:\ProgramData\Temp
2014-06-05 09:41 - 2012-09-22 02:00 - 00004524 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-06-05 09:41 - 2012-09-22 02:00 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-06-05 09:41 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 09:40 - 2012-08-03 17:23 - 00852076 _____ () C:\Windows\PFRO.log
2014-06-05 09:40 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-05 09:39 - 2014-06-05 09:37 - 00000000 ____D () C:\AdwCleaner
2014-06-05 09:37 - 2014-06-05 09:37 - 01327971 _____ () C:\Users\Chaotic\Downloads\AdwCleaner.exe
2014-06-05 09:30 - 2014-04-21 21:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 09:21 - 2013-02-28 12:31 - 01101833 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 09:13 - 2013-02-28 13:46 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Adobe
2014-06-04 14:38 - 2014-06-04 14:38 - 02068992 _____ (Farbar) C:\Users\Chaotic\Downloads\FRST64.exe
2014-06-04 13:17 - 2014-06-04 13:17 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 13:16 - 2014-06-04 13:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chaotic\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 03:26 - 2014-06-04 01:59 - 00002186 _____ () C:\Users\Chaotic\Desktop\Rkill.txt
2014-06-04 01:58 - 2014-06-04 01:58 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Chaotic\Downloads\rkill.exe
2014-06-04 01:48 - 2014-06-04 01:48 - 00283984 _____ () C:\Windows\Minidump\060414-22183-01.dmp
2014-06-04 01:48 - 2014-05-20 11:44 - 572585038 _____ () C:\Windows\MEMORY.DMP
2014-06-04 01:48 - 2013-03-05 22:13 - 00000000 ____D () C:\Windows\Minidump
2014-06-04 01:10 - 2014-06-04 01:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-04 00:57 - 2014-06-04 00:57 - 04673536 _____ () C:\Users\Chaotic\Downloads\RogueKiller.exe
2014-06-04 00:19 - 2014-06-03 21:01 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForBritani.job
2014-06-03 21:01 - 2014-05-22 21:01 - 00003178 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBritani
2014-06-03 21:01 - 2013-02-28 12:30 - 00000000 ____D () C:\Users\Chaotic
2014-06-03 20:17 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-02 19:13 - 2014-06-02 19:00 - 00069546 _____ () C:\Windows\SysWOW64\AppLog.log
2014-06-02 19:13 - 2014-04-09 19:04 - 00000304 _____ () C:\Windows\Tasks\NUSchedule.job
2014-06-02 13:22 - 2013-02-28 16:56 - 00000024 _____ () C:\SROF.ini
2014-05-29 22:27 - 2013-12-16 09:09 - 00000000 ____D () C:\Users\Chaotic\Documents\Compass Stuff
2014-05-27 19:54 - 2014-05-27 19:54 - 00000000 ____D () C:\Users\Chaotic\Documents\Fax
2014-05-27 18:24 - 2014-05-27 18:24 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Downloaded Installations
2014-05-27 18:13 - 2012-07-26 02:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 18:05 - 2012-09-22 02:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-27 18:05 - 2012-09-22 02:15 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass
2014-05-27 18:03 - 2012-09-22 02:14 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-05-26 14:59 - 2014-05-26 14:59 - 00000000 ____D () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur
2014-05-26 14:30 - 2014-05-26 14:30 - 00409922 _____ () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur.zip
2014-05-24 21:53 - 2013-10-27 18:41 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\vlc
2014-05-24 15:18 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-05-24 12:03 - 2014-05-24 12:03 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-05-24 11:53 - 2014-03-19 13:46 - 00447600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-22 06:25 - 2013-02-28 16:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-22 06:25 - 2012-07-26 00:26 - 00000167 _____ () C:\Windows\win.ini
2014-05-22 06:21 - 2013-03-01 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-21 14:17 - 2014-03-29 22:44 - 00000000 ____D () C:\Users\Chaotic\Downloads\Random
2014-05-20 20:06 - 2014-05-20 18:16 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\Magic Set Editor
2014-05-20 18:58 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-20 18:57 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\EPSON
2014-05-20 18:15 - 2014-05-20 18:15 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Set Editor.lnk
2014-05-20 18:14 - 2014-05-20 18:14 - 00000000 ____D () C:\Program Files (x86)\Magic Set Editor 2
2014-05-20 11:45 - 2014-05-20 11:44 - 00538416 _____ () C:\Windows\Minidump\052014-26020-01.dmp
2014-05-17 22:14 - 2014-05-17 22:13 - 00542112 _____ () C:\Windows\Minidump\051714-25630-01.dmp
2014-05-16 19:50 - 2013-02-28 12:35 - 00000000 ___RD () C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 19:50 - 2013-02-28 12:35 - 00000000 ___RD () C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-05-14 23:38 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-14 23:33 - 2013-08-14 17:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:30 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-14 23:29 - 2013-03-01 16:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 22:32 - 2014-04-21 21:35 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-06-04 13:17 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-04 13:17 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-04 13:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 21:06 - 2014-05-10 21:05 - 00541968 _____ () C:\Windows\Minidump\051014-24835-01.dmp
2014-05-10 11:24 - 2014-05-10 11:23 - 00540288 _____ () C:\Windows\Minidump\051014-32058-01.dmp
2014-05-10 11:23 - 2013-02-28 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 17:22 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-09 12:52 - 2014-05-09 12:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 19:30 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-06 00:14 - 2014-05-14 02:03 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-14 02:03 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Chaotic\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 02:14] - [2014-04-12 04:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-05 09:24

==================== End Of Log ============================


aswMBR

Please download aswMBR from one of the links below and save it to your Desktop.

Download Mirror #1

  • Right-click on aswMBR.exe and select Run as Administrator.
  • Click Yes when asked to download the Avast! definitions.
  • Click Scan to initiate the scan.
  • When the scan finishes, click Save Log and save this to your Desktop.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
GMER

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
Note:
  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-05 12:28:00
-----------------------------
12:28:00.247    OS Version: Windows x64 6.2.9200
12:28:00.247    Number of processors: 2 586 0x1001
12:28:00.248    ComputerName: HP_LAPTOP  UserName: Britani
12:28:00.347    Initialze error 1
12:43:30.486    AVAST engine defs: 14060500
12:54:18.771    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003c
12:54:18.771    Disk 0 Vendor: ST640LM000_HM641JI 2AJ10003 Size: 610480MB BusType: 11
12:54:18.802    Disk 0 MBR read successfully
12:54:18.802    Disk 0 MBR scan
12:54:18.849    Disk 0 unknown MBR code
12:54:18.849    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
12:54:18.880    Disk 0 scanning C:\Windows\system32\drivers
12:54:18.880    Service scanning
12:54:19.504    Modules scanning
12:54:19.504    Disk 0 trace - called modules:
12:54:19.520    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
12:54:19.520    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cf4060]
12:54:19.520    3 CLASSPNP.SYS[fffff88000f1ce0a] -> nt!IofCallDriver -> [0xfffffa8004cf5b10]
12:54:19.551    5 hpdskflt.sys[fffff88001fb0339] -> nt!IofCallDriver -> [0xfffffa8004c1e040]
12:54:19.566    7 amd_xata.sys[fffff88001557634] -> nt!IofCallDriver -> \Device\0000003c[0xfffffa8004701060]
12:54:19.566    AVAST engine scan C:\Windows
12:54:19.566    AVAST engine scan C:\Windows\system32
12:54:19.582    AVAST engine scan C:\Windows\system32\drivers
12:54:19.582    AVAST engine scan C:\Users\Chaotic
12:54:19.598    AVAST engine scan C:\ProgramData
12:54:19.598    Scan finished successfully
12:54:38.829    Disk 0 MBR has been saved successfully to "C:\Users\Chaotic\Desktop\MBR.dat"
12:54:38.829    The log file has been saved successfully to "C:\Users\Chaotic\Desktop\aswMBR.txt"


Step 1: FRST Fix

  • Please download the attached fixlist.txt file and save it to the same location as FRST

    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please disable your AntiVirus before doing these steps!

  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here
  • How to do this?
    • Visit this website here
    • You will see a screen like this:

e922iil8.png

  • Click Run ESET Online Scanner

    4e3svhbd.png

  • A Window will open (see above) - please click on the link
  • A window will pop up - please download the file to your Desktop
  • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

    p35jbmyy.png

  • Tick the box next to YES, I accept the Terms of Use then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

    p3b9meru.png

  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Then click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by Britani at 2014-06-05 14:01:24 Run:1
Running from C:\Users\Chaotic\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\MountPoints2: {59e9479c-595e-11e3-beb4-6894233bfae8} - "F:\CMADownloader.exe"
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\MountPoints2: {c70be276-860b-11e2-be7a-6894233bfae8} - "F:\CMADownloader.exe"
C:\Users\Chaotic\AppData\Local\Temp\Quarantine.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value deleted successfully.
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59e9479c-595e-11e3-beb4-6894233bfae8} => Key deleted successfully.
HKCR\CLSID\{59e9479c-595e-11e3-beb4-6894233bfae8} => Key not found.
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c70be276-860b-11e2-be7a-6894233bfae8} => Key deleted successfully.
HKCR\CLSID\{c70be276-860b-11e2-be7a-6894233bfae8} => Key not found.
C:\Users\Chaotic\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Britani (administrator) on HP_LAPTOP on 05-06-2014 14:02:47
Running from C:\Users\Chaotic\Downloads
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Windows\System32\valWBFPolicyService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Spotify Ltd) C:\Users\Chaotic\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIBE.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [btTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sSDMonitor] => C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\SSDMonitor.exe [106112 2014-01-25] (Symantec Corporation)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [spotify Web Helper] => C:\Users\Chaotic\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-29] (Spotify Ltd)
HKU\S-1-5-21-1708918778-1039857295-3247248500-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-09-20] (SEIKO EPSON CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=U160&ocid=U160DHP&dt=080913
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {9D4C0340-0989-4C9C-B2C4-600D554AF3AD} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Extension: HP Detect - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2013-02-28]
FF Extension: TinEye Reverse Image Search - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\tineye@ideeinc.com.xpi [2013-04-29]
FF Extension: Google Translator for Firefox - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\translator@zoli.bod.xpi [2014-04-29]
FF Extension: Bluhell Firewall - C:\Users\Chaotic\AppData\Roaming\Mozilla\Firefox\Profiles\aoo0a9q2.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-05-29]

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-01] (Adobe Systems)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
S2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation)
S3 DiskDoctorService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\Disk Doctor\DiskDoctorSrv.exe [1147424 2012-09-30] (Symantec Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4784312 2013-04-23] (INCA Internet Co., Ltd.)
R2 NU16StartManagerSvc; C:\Program Files (x86)\Symantec\Norton Utilities 16\sMonitor\StartManSvc.exe [792608 2012-09-30] (Symantec)
S3 SpeedDiskService; C:\Program Files (x86)\Symantec\Norton Utilities 16\Tools\SpeedDisk\SpeedDiskSrv.exe [1160224 2012-09-30] (Symantec Corporation)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-08-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-05-24] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2013-10-30] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [89088 2012-07-25] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-05 14:02 - 2014-06-05 14:02 - 00017510 _____ () C:\Users\Chaotic\Downloads\FRST.txt
2014-06-05 13:56 - 2014-06-05 13:56 - 00000000 ____D () C:\Users\Chaotic\Desktop\Repair
2014-06-05 12:55 - 2014-06-05 12:56 - 00380416 _____ () C:\Users\Chaotic\Downloads\7drzd8u3.exe
2014-06-05 12:27 - 2014-06-05 12:27 - 04745728 _____ (AVAST Software) C:\Users\Chaotic\Downloads\aswMBR.exe
2014-06-05 09:45 - 2014-06-05 09:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 09:44 - 2014-06-05 09:44 - 01016261 _____ (Thisisu) C:\Users\Chaotic\Downloads\JRT.exe
2014-06-05 09:37 - 2014-06-05 09:39 - 00000000 ____D () C:\AdwCleaner
2014-06-05 09:37 - 2014-06-05 09:37 - 01327971 _____ () C:\Users\Chaotic\Downloads\AdwCleaner.exe
2014-06-04 14:39 - 2014-06-05 14:02 - 00000000 ____D () C:\FRST
2014-06-04 14:38 - 2014-06-04 14:38 - 02068992 _____ (Farbar) C:\Users\Chaotic\Downloads\FRST64.exe
2014-06-04 13:17 - 2014-06-05 13:49 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-04 13:17 - 2014-06-04 13:17 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-04 13:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-04 13:14 - 2014-06-04 13:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chaotic\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 01:58 - 2014-06-04 01:58 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Chaotic\Downloads\rkill.exe
2014-06-04 01:48 - 2014-06-04 01:48 - 00283984 _____ () C:\Windows\Minidump\060414-22183-01.dmp
2014-06-04 01:10 - 2014-06-04 01:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-04 00:57 - 2014-06-04 00:57 - 04673536 _____ () C:\Users\Chaotic\Downloads\RogueKiller.exe
2014-06-03 21:01 - 2014-06-04 00:19 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForBritani.job
2014-06-02 19:00 - 2014-06-02 19:13 - 00069546 _____ () C:\Windows\SysWOW64\AppLog.log
2014-05-27 19:54 - 2014-05-27 19:54 - 00000000 ____D () C:\Users\Chaotic\Documents\Fax
2014-05-27 18:24 - 2014-05-27 18:24 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Downloaded Installations
2014-05-26 14:59 - 2014-05-26 14:59 - 00000000 ____D () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur
2014-05-26 14:30 - 2014-05-26 14:30 - 00409922 _____ () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur.zip
2014-05-24 12:03 - 2014-05-24 12:03 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-05-22 21:01 - 2014-06-03 21:01 - 00003178 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBritani
2014-05-20 18:16 - 2014-05-20 20:06 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\Magic Set Editor
2014-05-20 18:15 - 2014-05-20 18:15 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Set Editor.lnk
2014-05-20 18:14 - 2014-05-20 18:14 - 00000000 ____D () C:\Program Files (x86)\Magic Set Editor 2
2014-05-20 11:44 - 2014-06-04 01:48 - 572585038 _____ () C:\Windows\MEMORY.DMP
2014-05-20 11:44 - 2014-05-20 11:45 - 00538416 _____ () C:\Windows\Minidump\052014-26020-01.dmp
2014-05-17 22:13 - 2014-05-17 22:14 - 00542112 _____ () C:\Windows\Minidump\051714-25630-01.dmp
2014-05-16 19:49 - 2014-05-01 15:37 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-16 19:49 - 2014-05-01 15:37 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 12:38 - 2014-05-20 18:57 - 00000000 ____D () C:\ProgramData\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-05-15 12:37 - 2012-09-20 04:13 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMIBE.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMIBA.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BIBE.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BIBA.DLL
2014-05-15 12:37 - 2012-09-20 04:13 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2014-05-14 12:12 - 2014-03-28 14:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 12:12 - 2014-03-23 17:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 10:59 - 2014-03-28 03:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 10:59 - 2014-03-28 01:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 02:14 - 2014-04-12 04:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 02:14 - 2014-04-12 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 02:14 - 2014-04-12 04:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 02:14 - 2014-04-12 04:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-05-14 02:14 - 2014-04-12 04:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 02:14 - 2014-04-12 04:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 02:14 - 2014-04-12 02:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 02:14 - 2014-04-12 02:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 02:14 - 2014-04-12 02:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 02:14 - 2014-04-12 01:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2014-05-14 02:14 - 2014-03-10 22:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 02:14 - 2014-03-10 22:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 02:14 - 2014-03-10 19:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 02:14 - 2014-03-10 19:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 02:14 - 2014-03-10 19:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 02:14 - 2014-03-10 19:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 02:14 - 2014-03-10 19:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 02:14 - 2014-03-10 19:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 02:14 - 2014-03-09 22:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 02:14 - 2014-03-09 20:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 02:14 - 2014-03-03 18:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-14 02:08 - 2014-03-28 03:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-05-14 02:03 - 2014-05-06 00:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 02:03 - 2014-05-06 00:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 02:03 - 2014-05-05 22:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 02:03 - 2014-05-05 22:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 02:03 - 2014-05-05 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 02:03 - 2014-05-05 22:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 02:01 - 2014-03-01 04:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-14 02:01 - 2014-03-01 04:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-05-14 02:01 - 2014-03-01 03:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-05-14 02:01 - 2014-03-01 01:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-14 02:01 - 2014-02-26 18:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-14 02:01 - 2014-02-26 18:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-14 02:01 - 2014-02-14 23:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-05-10 21:05 - 2014-05-10 21:06 - 00541968 _____ () C:\Windows\Minidump\051014-24835-01.dmp
2014-05-10 11:23 - 2014-05-10 11:24 - 00540288 _____ () C:\Windows\Minidump\051014-32058-01.dmp
2014-05-09 12:52 - 2014-05-09 12:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 16:40 - 2014-04-19 04:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-05-06 16:40 - 2014-04-19 03:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-06 16:40 - 2014-04-19 03:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 16:40 - 2014-04-19 01:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-06 16:40 - 2014-04-19 01:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

==================== One Month Modified Files and Folders =======

2014-06-05 14:02 - 2014-06-05 14:02 - 00017510 _____ () C:\Users\Chaotic\Downloads\FRST.txt
2014-06-05 14:02 - 2014-06-04 14:39 - 00000000 ____D () C:\FRST
2014-06-05 14:02 - 2013-02-28 12:30 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Temp
2014-06-05 14:02 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-05 14:01 - 2013-02-28 12:42 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1708918778-1039857295-3247248500-1002
2014-06-05 13:56 - 2014-06-05 13:56 - 00000000 ____D () C:\Users\Chaotic\Desktop\Repair
2014-06-05 13:55 - 2013-02-28 17:29 - 00000312 _____ () C:\Windows\Tasks\NUAutoUpdate.job
2014-06-05 13:55 - 2012-09-22 02:00 - 00004524 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-06-05 13:55 - 2012-08-17 00:55 - 00000000 ____D () C:\ProgramData\Temp
2014-06-05 13:55 - 2012-08-10 19:45 - 00000821 _____ () C:\Windows\SysWOW64\bscs.ini
2014-06-05 13:55 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 13:52 - 2013-03-03 02:00 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\CrashDumps
2014-06-05 13:49 - 2014-06-04 13:17 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-05 13:32 - 2013-11-16 14:24 - 00000000 ____D () C:\Windows\pss
2014-06-05 13:24 - 2013-02-28 12:31 - 01123134 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 13:17 - 2012-09-22 02:00 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-06-05 13:06 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-06-05 12:56 - 2014-06-05 12:55 - 00380416 _____ () C:\Users\Chaotic\Downloads\7drzd8u3.exe
2014-06-05 12:30 - 2014-04-21 21:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-05 12:27 - 2014-06-05 12:27 - 04745728 _____ (AVAST Software) C:\Users\Chaotic\Downloads\aswMBR.exe
2014-06-05 09:45 - 2014-06-05 09:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-05 09:44 - 2014-06-05 09:44 - 01016261 _____ (Thisisu) C:\Users\Chaotic\Downloads\JRT.exe
2014-06-05 09:40 - 2012-08-03 17:23 - 00852076 _____ () C:\Windows\PFRO.log
2014-06-05 09:39 - 2014-06-05 09:37 - 00000000 ____D () C:\AdwCleaner
2014-06-05 09:37 - 2014-06-05 09:37 - 01327971 _____ () C:\Users\Chaotic\Downloads\AdwCleaner.exe
2014-06-05 09:13 - 2013-02-28 13:46 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Adobe
2014-06-04 14:38 - 2014-06-04 14:38 - 02068992 _____ (Farbar) C:\Users\Chaotic\Downloads\FRST64.exe
2014-06-04 13:17 - 2014-06-04 13:17 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-04 13:17 - 2014-06-04 13:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-04 13:16 - 2014-06-04 13:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Chaotic\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-04 01:58 - 2014-06-04 01:58 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Chaotic\Downloads\rkill.exe
2014-06-04 01:48 - 2014-06-04 01:48 - 00283984 _____ () C:\Windows\Minidump\060414-22183-01.dmp
2014-06-04 01:48 - 2014-05-20 11:44 - 572585038 _____ () C:\Windows\MEMORY.DMP
2014-06-04 01:48 - 2013-03-05 22:13 - 00000000 ____D () C:\Windows\Minidump
2014-06-04 01:10 - 2014-06-04 01:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-04 00:57 - 2014-06-04 00:57 - 04673536 _____ () C:\Users\Chaotic\Downloads\RogueKiller.exe
2014-06-04 00:19 - 2014-06-03 21:01 - 00000360 _____ () C:\Windows\Tasks\HPCeeScheduleForBritani.job
2014-06-03 21:01 - 2014-05-22 21:01 - 00003178 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBritani
2014-06-03 21:01 - 2013-02-28 12:30 - 00000000 ____D () C:\Users\Chaotic
2014-06-03 20:17 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-02 19:13 - 2014-06-02 19:00 - 00069546 _____ () C:\Windows\SysWOW64\AppLog.log
2014-06-02 19:13 - 2014-04-09 19:04 - 00000304 _____ () C:\Windows\Tasks\NUSchedule.job
2014-06-02 13:22 - 2013-02-28 16:56 - 00000024 _____ () C:\SROF.ini
2014-05-29 22:27 - 2013-12-16 09:09 - 00000000 ____D () C:\Users\Chaotic\Documents\Compass Stuff
2014-05-27 19:54 - 2014-05-27 19:54 - 00000000 ____D () C:\Users\Chaotic\Documents\Fax
2014-05-27 18:24 - 2014-05-27 18:24 - 00000000 ____D () C:\Users\Chaotic\AppData\Local\Downloaded Installations
2014-05-27 18:13 - 2012-07-26 02:28 - 00941114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-27 18:05 - 2012-09-22 02:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-05-27 18:05 - 2012-09-22 02:15 - 00000000 ____D () C:\Program Files (x86)\HP SimplePass
2014-05-27 18:03 - 2012-09-22 02:14 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2014-05-26 14:59 - 2014-05-26 14:59 - 00000000 ____D () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur
2014-05-26 14:30 - 2014-05-26 14:30 - 00409922 _____ () C:\Users\Chaotic\Downloads\Theme - Flat - Imgur.zip
2014-05-24 21:53 - 2013-10-27 18:41 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\vlc
2014-05-24 15:18 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-05-24 12:03 - 2014-05-24 12:03 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-05-24 11:53 - 2014-03-19 13:46 - 00447600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-22 06:25 - 2013-02-28 16:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-22 06:25 - 2012-07-26 00:26 - 00000167 _____ () C:\Windows\win.ini
2014-05-22 06:21 - 2013-03-01 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-21 14:17 - 2014-03-29 22:44 - 00000000 ____D () C:\Users\Chaotic\Downloads\Random
2014-05-20 20:06 - 2014-05-20 18:16 - 00000000 ____D () C:\Users\Chaotic\AppData\Roaming\Magic Set Editor
2014-05-20 18:58 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-20 18:57 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\EPSON
2014-05-20 18:15 - 2014-05-20 18:15 - 00001072 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Set Editor.lnk
2014-05-20 18:14 - 2014-05-20 18:14 - 00000000 ____D () C:\Program Files (x86)\Magic Set Editor 2
2014-05-20 11:45 - 2014-05-20 11:44 - 00538416 _____ () C:\Windows\Minidump\052014-26020-01.dmp
2014-05-17 22:14 - 2014-05-17 22:13 - 00542112 _____ () C:\Windows\Minidump\051714-25630-01.dmp
2014-05-16 19:50 - 2013-02-28 12:35 - 00000000 ___RD () C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 19:50 - 2013-02-28 12:35 - 00000000 ___RD () C:\Users\Chaotic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-16 19:44 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-05-15 12:38 - 2014-05-15 12:38 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2014-05-14 23:38 - 2012-07-26 02:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-14 23:33 - 2013-08-14 17:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:30 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-14 23:29 - 2013-03-01 16:06 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 22:32 - 2014-04-21 21:35 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 07:26 - 2014-06-04 13:17 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-04 13:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 21:06 - 2014-05-10 21:05 - 00541968 _____ () C:\Windows\Minidump\051014-24835-01.dmp
2014-05-10 11:24 - 2014-05-10 11:23 - 00540288 _____ () C:\Windows\Minidump\051014-32058-01.dmp
2014-05-10 11:23 - 2013-02-28 13:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-09 17:22 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-09 12:52 - 2014-05-09 12:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 19:30 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-05-06 00:14 - 2014-05-14 02:03 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 00:14 - 2014-05-14 02:03 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 02:14] - [2014-04-12 04:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-05 09:24

==================== End Of Log ============================
