
URL:Mal on my Windows 8 laptop


26 replies to this topic

#1 Lambshots

Lambshots

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Conception Bay South, Newfoundland
  • Local time:03:27 AM

Posted 06 June 2014 - 07:43 PM

My computer is very slow and I keep getting pop-ups saying "Threat Blocked" on my Avast Antivirus.  I did do a scan with Adware and it is listed below:

 

# AdwCleaner v3.212 - Report created 06/06/2014 at 22:05:24
# Updated 05/06/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : MARG - MARGS-HP
# Running from : C:\Users\MARG\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Users\MARG\AppData\Roaming\ParetoLogic

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [6803 octets] - [04/06/2014 22:41:35]
AdwCleaner[R1].txt - [871 octets] - [05/06/2014 11:42:51]
AdwCleaner[R2].txt - [930 octets] - [05/06/2014 11:44:23]
AdwCleaner[R3].txt - [935 octets] - [06/06/2014 12:34:53]
AdwCleaner[R4].txt - [994 octets] - [06/06/2014 12:36:23]
AdwCleaner[R5].txt - [1279 octets] - [06/06/2014 21:59:24]
AdwCleaner[S0].txt - [6614 octets] - [04/06/2014 22:56:33]
AdwCleaner[S1].txt - [994 octets] - [05/06/2014 11:45:24]
AdwCleaner[S2].txt - [1163 octets] - [06/06/2014 22:05:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1223 octets] ##########





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:57 AM

Posted 11 June 2014 - 07:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/536905 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:57 AM

Posted 13 June 2014 - 10:28 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi Lambshots,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 



#4 Lambshots


Posted 14 June 2014 - 06:37 AM

Please forgive me Toffee ... I am working a string of Overnight Shifts at the hospital and I am soooo tired :smash: .  Here is what you requested (2 files to be copied and pasted):

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by MARG (administrator) on MARGS-HP on 14-06-2014 08:56:58
Running from C:\Users\MARG\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [387832 2013-05-14] (IVT Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-23] (AVAST Software)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
HKU\S-1-5-21-1413521496-215779930-569090779-1002\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-01-27] (Google Inc.)
HKU\S-1-5-21-1413521496-215779930-569090779-1002\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4409480 2014-03-12] (Plex, Inc.)
HKU\S-1-5-21-1413521496-215779930-569090779-1002\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2725912 2014-04-21] ()
HKU\S-1-5-21-1413521496-215779930-569090779-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1717000 2014-02-21] (CyberLink Corp.)
HKU\S-1-5-21-1413521496-215779930-569090779-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1413521496-215779930-569090779-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1413521496-215779930-569090779-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
Startup: C:\Users\MARG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\MARG\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {696BEDDC-EDD9-40C1-9534-90D237CEA7EC} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin HKCU: hp.com/HPDetect - C:\Users\MARG\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-23] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1630456 2013-06-07] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [145656 2013-05-14] (IVT Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-27] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-23] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-24] (Advanced Micro Devices)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [50464 2014-06-03] (AVG Technologies)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthHFEnum;
U4 bthhfhid;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [54064 2013-04-26] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-27] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2014-01-29] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-27] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-06-04] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-06-04] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-14 08:56 - 2014-06-14 08:57 - 00019274 _____ () C:\Users\MARG\Desktop\FRST.txt
2014-06-14 08:56 - 2014-06-14 08:57 - 00000000 ____D () C:\FRST
2014-06-14 08:55 - 2014-06-14 08:55 - 02081792 _____ (Farbar) C:\Users\MARG\Desktop\FRST64.exe
2014-06-14 08:42 - 2014-06-14 08:42 - 00688992 _____ (Swearware) C:\Users\MARG\Desktop\dds.com
2014-06-13 17:43 - 2014-06-14 03:19 - 00000000 ____D () C:\Users\MARG\Downloads\Son of God (2014) [1080p]
2014-06-13 03:58 - 2014-06-14 03:11 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E08
2014-06-13 03:53 - 2014-06-14 03:23 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E10.Deaths.Door.HDTV.x264-tNe
2014-06-13 03:52 - 2014-06-14 03:23 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E05.Dark.Dreams.HDTV.x264-tNe
2014-06-13 03:52 - 2014-06-14 03:23 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E04.House.of.Horrors.HDTV.x264-tNe
2014-06-13 03:52 - 2014-06-14 03:23 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E03.Nightmare.in.Bridgeport.HDTV.x264-tNe
2014-06-13 03:51 - 2014-06-14 03:11 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E02
2014-06-13 03:50 - 2014-06-14 03:11 - 00000000 ____D () C:\Users\MARG\Downloads\A Haunting S06E02 Well to Hell  HDTV x264-SPASM
2014-06-13 03:48 - 2014-06-14 03:11 - 00000000 ____D () C:\Users\MARG\Downloads\A Haunting S06E03 Black Magic HDTV x264-SPASM
2014-06-13 02:05 - 2014-05-19 04:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-06-13 02:05 - 2014-05-19 03:51 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-06-13 02:05 - 2014-05-19 02:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-06-13 02:05 - 2014-05-05 01:32 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-13 02:02 - 2014-05-01 11:01 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-06-13 02:02 - 2014-05-01 11:01 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-06-13 02:02 - 2014-05-01 04:44 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-06-13 02:02 - 2014-05-01 04:35 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-06-13 02:02 - 2014-05-01 04:21 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-06-13 02:02 - 2014-05-01 02:54 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-06-13 00:56 - 2014-06-13 00:58 - 00000000 ____D () C:\Users\MARG\Downloads\Dual.Survival.S04E08.On.the.Edge.480p.HDTV.x264-mSD
2014-06-13 00:49 - 2014-06-14 03:11 - 00000000 ____D () C:\Users\MARG\Downloads\Hells Kitchen US S12E14 PDTV x264-LOL[ettv]
2014-06-11 23:44 - 2014-06-11 23:44 - 00000000 ____D () C:\Users\MARG\Downloads\Doyle, Patrick H.T_
2014-06-11 22:06 - 2014-06-11 22:12 - 410689137 _____ () C:\Users\MARG\Downloads\Deadliest.Catch.S10E08.HDTV.x264-KILLERS.mp4
2014-06-10 20:42 - 2014-06-10 20:45 - 263776891 _____ () C:\Users\MARG\Downloads\Rookie.Blue.S05E04.HDTV.x264-2HD.mp4
2014-06-10 20:41 - 2014-06-10 20:44 - 310390408 _____ () C:\Users\MARG\Downloads\Mistresses.US.S02E02.HDTV.x264-LOL.mp4
2014-06-10 20:39 - 2014-06-10 20:47 - 427783806 _____ () C:\Users\MARG\Downloads\MasterChef.US.S05E03.HDTV.x264-LOL.mp4
2014-06-10 20:32 - 2014-06-10 20:36 - 300211970 _____ () C:\Users\MARG\Downloads\Murder.in.the.First.S01E01.HDTV.x264-LOL.mp4
2014-06-09 23:13 - 2014-06-14 03:11 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.at.Silver.Falls.2013.DVDRip.XviD.AC3-RARBG
2014-06-09 23:12 - 2014-06-10 20:34 - 00000000 ____D () C:\Users\MARG\Downloads\A Haunting S06E01 Marked by Evil HDTV x264-SPASM
2014-06-08 13:44 - 2014-06-08 20:09 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E07.Back.from.the.Grave.HDTV.x264-tNe
2014-06-07 13:08 - 2014-06-07 13:11 - 318549849 _____ () C:\Users\MARG\Downloads\The.Night.Shift.S01E02.HDTV.x264-LOL.mp4
2014-06-07 13:08 - 2014-06-07 13:10 - 311601173 _____ () C:\Users\MARG\Downloads\The.Night.Shift.S01E01.HDTV.x264-LOL.mp4
2014-06-07 11:01 - 2014-06-07 11:10 - 00000000 ____D () C:\Users\MARG\Downloads\Orange Is The New Black Season 1 - COMPLETE 720p x264 [MKV,AC3] Ehhhh
2014-06-06 22:06 - 2014-06-06 22:06 - 00000306 _____ () C:\WINDOWS\PFRO.log
2014-06-06 13:15 - 2014-06-06 13:15 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-06 12:50 - 2014-06-06 13:06 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-06-06 12:47 - 2014-06-07 12:47 - 00000458 _____ () C:\WINDOWS\Tasks\ParetoLogic Update Version3_triggeronce.job
2014-06-06 12:47 - 2014-06-06 12:47 - 00002914 _____ () C:\WINDOWS\System32\Tasks\ParetoLogic Update Version3_triggeronce
2014-06-05 20:26 - 2014-06-14 08:11 - 01060766 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-04 22:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-06-04 13:35 - 2014-06-14 07:59 - 00003158 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForMARG
2014-06-04 13:35 - 2014-06-14 07:59 - 00000346 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForMARG.job
2014-06-04 09:28 - 2014-06-04 10:38 - 00033742 _____ () C:\Users\MARG\Desktop\Files - OneDrive.url.xlsx
2014-06-04 09:26 - 2014-06-04 09:26 - 00033749 _____ () C:\Users\MARG\Documents\SHIFTS WORKED.xlsx
2014-06-03 02:09 - 2014-06-03 02:18 - 282995130 _____ () C:\Users\MARG\Downloads\Rookie.Blue.S05E03.HDTV.x264-2HD.mp4
2014-06-02 09:42 - 2014-06-02 09:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-31 02:55 - 2014-05-31 17:42 - 97955332 _____ () C:\Users\MARG\Downloads\A.Haunting.S01E06.Darkness.Follows.divx
2014-05-31 02:45 - 2014-05-31 02:55 - 114593808 _____ () C:\Users\MARG\Downloads\A.Haunting.S01E05.Echoes.From.the.Grave.divx
2014-05-31 02:36 - 2014-05-31 02:45 - 96529012 _____ () C:\Users\MARG\Downloads\A.Haunting.S01E04.Cursed.divx
2014-05-29 20:19 - 2014-05-29 20:19 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-29 20:19 - 2014-05-29 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-29 20:18 - 2014-05-29 20:19 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-29 20:18 - 2014-05-29 20:19 - 00000000 ____D () C:\Program Files\iTunes
2014-05-29 20:18 - 2014-05-29 20:19 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-29 20:18 - 2014-05-29 20:18 - 00000000 ____D () C:\Program Files\iPod
2014-05-29 01:06 - 2014-06-08 13:36 - 00000000 ____D () C:\Users\MARG\Downloads\A Haunting - Season 4
2014-05-28 20:47 - 2014-05-28 20:51 - 305075579 _____ () C:\Users\MARG\Downloads\24.S09E02.HDTV.x264-LOL.mp4
2014-05-28 20:47 - 2014-05-28 20:50 - 376732964 _____ () C:\Users\MARG\Downloads\24.S09E01.HDTV.x264-LOL.mp4
2014-05-28 20:35 - 2014-05-28 20:37 - 271394927 _____ () C:\Users\MARG\Downloads\24.S09E04.HDTV.x264-LOL.mp4
2014-05-28 07:38 - 2014-05-29 20:27 - 00000000 ____D () C:\ProgramData\Avg_Update_0414c
2014-05-27 10:42 - 2014-05-27 10:45 - 287820087 _____ () C:\Users\MARG\Downloads\24.S09E05.HDTV.x264-LOL.mp4
2014-05-27 10:41 - 2014-05-27 10:46 - 306574558 _____ () C:\Users\MARG\Downloads\24.S09E03.HDTV.x264-LOL.mp4
2014-05-26 21:50 - 2014-06-01 01:43 - 00000000 ____D () C:\Users\MARG\Downloads\Orphan Black Season 1
2014-05-24 00:25 - 2014-05-24 00:28 - 344442842 _____ () C:\Users\MARG\Downloads\Blue.Bloods.S04E22.HDTV.x264-LOL.mp4
2014-05-23 21:07 - 2014-05-23 21:07 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-05-23 21:07 - 2014-05-23 21:07 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-05-20 22:10 - 2014-05-26 03:33 - 00000000 ____D () C:\Users\MARG\Downloads\Cold Case Season 2
2014-05-18 08:58 - 2014-03-13 05:12 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-18 08:58 - 2014-03-13 04:21 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-18 08:57 - 2014-05-06 02:10 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-18 08:57 - 2014-05-06 00:55 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-18 08:57 - 2014-05-06 00:30 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-18 08:57 - 2014-05-05 23:40 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-18 08:57 - 2014-04-11 07:33 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-18 08:57 - 2014-04-11 07:33 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-18 08:57 - 2014-04-11 05:55 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-18 08:57 - 2014-04-11 03:34 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-18 08:57 - 2014-04-11 03:23 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-18 08:57 - 2014-04-11 02:52 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-18 08:57 - 2014-04-11 01:24 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-18 08:57 - 2014-04-11 01:06 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-18 08:57 - 2014-04-11 00:54 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-18 08:57 - 2014-04-11 00:36 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-18 08:57 - 2014-04-11 00:35 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-18 08:57 - 2014-04-11 00:35 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-18 08:57 - 2014-04-11 00:32 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-18 08:57 - 2014-04-11 00:32 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-18 08:57 - 2014-04-11 00:31 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-18 08:57 - 2014-04-11 00:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-18 08:57 - 2014-04-11 00:29 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-18 08:57 - 2014-04-11 00:27 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-18 08:57 - 2014-04-11 00:26 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-18 08:57 - 2014-04-11 00:25 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-18 08:57 - 2014-04-11 00:23 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-18 08:57 - 2014-04-11 00:22 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-18 08:57 - 2014-04-11 00:16 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-18 08:57 - 2014-04-11 00:06 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-18 08:57 - 2014-04-11 00:04 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-18 08:57 - 2014-04-10 23:59 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-18 08:57 - 2014-04-10 23:55 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-18 08:57 - 2014-03-24 00:00 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-18 08:57 - 2014-03-24 00:00 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-18 08:57 - 2014-03-23 23:57 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-18 08:55 - 2014-04-08 20:16 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-18 08:55 - 2014-04-08 20:16 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-18 08:55 - 2014-04-08 16:24 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-18 08:55 - 2014-04-08 16:24 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-18 08:55 - 2014-03-27 06:42 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-18 08:55 - 2014-03-27 05:18 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

==================== One Month Modified Files and Folders =======

2014-06-14 08:57 - 2014-06-14 08:56 - 00019274 _____ () C:\Users\MARG\Desktop\FRST.txt
2014-06-14 08:57 - 2014-06-14 08:56 - 00000000 ____D () C:\FRST
2014-06-14 08:57 - 2014-01-27 01:43 - 00000000 ____D () C:\Users\MARG\AppData\Local\Temp
2014-06-14 08:55 - 2014-06-14 08:55 - 02081792 _____ (Farbar) C:\Users\MARG\Desktop\FRST64.exe
2014-06-14 08:54 - 2013-08-22 13:06 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-06-14 08:42 - 2014-06-14 08:42 - 00688992 _____ (Swearware) C:\Users\MARG\Desktop\dds.com
2014-06-14 08:33 - 2014-01-27 21:38 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 08:32 - 2013-08-22 13:06 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-06-14 08:11 - 2014-06-05 20:26 - 01060766 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-14 07:59 - 2014-06-04 13:35 - 00003158 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForMARG
2014-06-14 07:59 - 2014-06-04 13:35 - 00000346 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForMARG.job
2014-06-14 07:59 - 2014-01-27 08:38 - 00000000 __RDO () C:\Users\MARG\SkyDrive
2014-06-14 07:59 - 2014-01-27 01:43 - 00000000 ____D () C:\Users\MARG
2014-06-14 07:59 - 2014-01-26 20:13 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{209462B5-A631-4DCC-B53A-1A21F9938CD4}
2014-06-14 07:58 - 2013-08-08 09:30 - 00003620 _____ () C:\WINDOWS\SysWOW64\LOCALSERVICE.INI
2014-06-14 07:58 - 2013-08-08 09:30 - 00000043 _____ () C:\WINDOWS\SysWOW64\LOCALDEVICE.INI
2014-06-14 07:58 - 2013-06-07 14:10 - 00001017 _____ () C:\WINDOWS\SysWOW64\bscs.ini
2014-06-14 06:29 - 2014-02-25 17:53 - 00000223 _____ () C:\WINDOWS\SysWOW64\REMOTEDEVICE.INI
2014-06-14 03:23 - 2014-06-13 03:53 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E10.Deaths.Door.HDTV.x264-tNe
2014-06-14 03:23 - 2014-06-13 03:52 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E05.Dark.Dreams.HDTV.x264-tNe
2014-06-14 03:23 - 2014-06-13 03:52 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E04.House.of.Horrors.HDTV.x264-tNe
2014-06-14 03:23 - 2014-06-13 03:52 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E03.Nightmare.in.Bridgeport.HDTV.x264-tNe
2014-06-14 03:19 - 2014-06-13 17:43 - 00000000 ____D () C:\Users\MARG\Downloads\Son of God (2014) [1080p]
2014-06-14 03:19 - 2014-01-31 20:13 - 03287552 ___SH () C:\Users\MARG\Downloads\Thumbs.db
2014-06-14 03:19 - 2014-01-27 20:51 - 00000000 ____D () C:\Users\MARG\AppData\Roaming\uTorrent
2014-06-14 03:11 - 2014-06-13 03:58 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E08
2014-06-14 03:11 - 2014-06-13 03:51 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E02
2014-06-14 03:11 - 2014-06-13 03:50 - 00000000 ____D () C:\Users\MARG\Downloads\A Haunting S06E02 Well to Hell  HDTV x264-SPASM
2014-06-14 03:11 - 2014-06-13 03:48 - 00000000 ____D () C:\Users\MARG\Downloads\A Haunting S06E03 Black Magic HDTV x264-SPASM
2014-06-14 03:11 - 2014-06-13 00:49 - 00000000 ____D () C:\Users\MARG\Downloads\Hells Kitchen US S12E14 PDTV x264-LOL[ettv]
2014-06-14 03:11 - 2014-06-09 23:13 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.at.Silver.Falls.2013.DVDRip.XviD.AC3-RARBG
2014-06-13 13:48 - 2013-08-22 13:06 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-06-13 02:21 - 2013-08-22 13:06 - 00000000 ____D () C:\WINDOWS\rescache
2014-06-13 02:19 - 2014-01-26 20:21 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1413521496-215779930-569090779-1002
2014-06-13 02:17 - 2014-01-27 19:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-13 02:17 - 2012-07-26 05:29 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-06-13 02:16 - 2014-01-27 19:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 02:12 - 2014-01-26 22:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-06-13 02:10 - 2014-01-26 22:06 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-06-13 02:09 - 2013-08-22 13:06 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-06-13 01:58 - 2014-01-26 20:15 - 00000000 ____D () C:\Users\MARG\Documents\Youcam
2014-06-13 01:57 - 2014-03-03 09:04 - 00000000 ____D () C:\Users\MARG\AppData\Local\CrashDumps
2014-06-13 01:56 - 2014-01-27 18:50 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-06-13 01:55 - 2014-04-21 16:36 - 00000392 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-06-13 01:55 - 2014-04-21 16:36 - 00000392 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-06-13 01:55 - 2014-03-10 18:34 - 00000374 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2014-06-13 01:55 - 2014-01-27 21:38 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-13 01:55 - 2013-08-22 12:15 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-13 01:53 - 2013-08-22 10:55 - 00786432 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-13 00:58 - 2014-06-13 00:56 - 00000000 ____D () C:\Users\MARG\Downloads\Dual.Survival.S04E08.On.the.Edge.480p.HDTV.x264-mSD
2014-06-13 00:02 - 2014-01-26 20:10 - 00000000 ____D () C:\Users\MARG\AppData\Local\Packages
2014-06-12 14:29 - 2014-01-27 23:54 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-06-12 14:28 - 2014-01-27 23:54 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-12 00:34 - 2014-04-05 16:43 - 00104960 _____ () C:\Users\MARG\Documents\SHIFTS WORKED.xls
2014-06-12 00:33 - 2014-01-29 21:12 - 00000000 ___RD () C:\Users\MARG\Dropbox
2014-06-11 23:44 - 2014-06-11 23:44 - 00000000 ____D () C:\Users\MARG\Downloads\Doyle, Patrick H.T_
2014-06-11 22:12 - 2014-06-11 22:06 - 410689137 _____ () C:\Users\MARG\Downloads\Deadliest.Catch.S10E08.HDTV.x264-KILLERS.mp4
2014-06-10 21:49 - 2014-03-16 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2014-06-10 20:47 - 2014-06-10 20:39 - 427783806 _____ () C:\Users\MARG\Downloads\MasterChef.US.S05E03.HDTV.x264-LOL.mp4
2014-06-10 20:45 - 2014-06-10 20:42 - 263776891 _____ () C:\Users\MARG\Downloads\Rookie.Blue.S05E04.HDTV.x264-2HD.mp4
2014-06-10 20:44 - 2014-06-10 20:41 - 310390408 _____ () C:\Users\MARG\Downloads\Mistresses.US.S02E02.HDTV.x264-LOL.mp4
2014-06-10 20:36 - 2014-06-10 20:32 - 300211970 _____ () C:\Users\MARG\Downloads\Murder.in.the.First.S01E01.HDTV.x264-LOL.mp4
2014-06-10 20:34 - 2014-06-09 23:12 - 00000000 ____D () C:\Users\MARG\Downloads\A Haunting S06E01 Marked by Evil HDTV x264-SPASM
2014-06-08 20:09 - 2014-06-08 13:44 - 00000000 ____D () C:\Users\MARG\Downloads\A.Haunting.S05E07.Back.from.the.Grave.HDTV.x264-tNe
2014-06-08 13:36 - 2014-05-29 01:06 - 00000000 ____D () C:\Users\MARG\Downloads\A Haunting - Season 4
2014-06-07 13:11 - 2014-06-07 13:08 - 318549849 _____ () C:\Users\MARG\Downloads\The.Night.Shift.S01E02.HDTV.x264-LOL.mp4
2014-06-07 13:10 - 2014-06-07 13:08 - 311601173 _____ () C:\Users\MARG\Downloads\The.Night.Shift.S01E01.HDTV.x264-LOL.mp4
2014-06-07 12:47 - 2014-06-06 12:47 - 00000458 _____ () C:\WINDOWS\Tasks\ParetoLogic Update Version3_triggeronce.job
2014-06-07 11:10 - 2014-06-07 11:01 - 00000000 ____D () C:\Users\MARG\Downloads\Orange Is The New Black Season 1 - COMPLETE 720p x264 [MKV,AC3] Ehhhh
2014-06-06 22:08 - 2014-05-13 21:30 - 00000000 ____D () C:\Users\MARG\AppData\Local\Apple
2014-06-06 22:06 - 2014-06-06 22:06 - 00000306 _____ () C:\WINDOWS\PFRO.log
2014-06-06 20:31 - 2013-08-22 13:06 - 00000000 ____D () C:\WINDOWS\registration
2014-06-06 15:09 - 2013-11-14 04:58 - 00965390 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-06 13:15 - 2014-06-06 13:15 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-06-06 13:06 - 2014-06-06 12:50 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-06-06 12:47 - 2014-06-06 12:47 - 00002914 _____ () C:\WINDOWS\System32\Tasks\ParetoLogic Update Version3_triggeronce
2014-06-05 19:10 - 2014-03-03 10:25 - 00000000 ____D () C:\WINDOWS\Minidump
2014-06-05 19:10 - 2014-01-27 01:43 - 00000000 ___RD () C:\Users\MARG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-05 19:10 - 2013-08-22 13:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-06-05 19:10 - 2013-08-22 13:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-05 19:10 - 2013-08-22 13:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-05 19:10 - 2013-07-20 03:24 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-06-05 12:52 - 2014-01-29 20:04 - 00004954 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARGS-HP-MARG MARGS-HP
2014-06-04 16:22 - 2014-03-01 17:58 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-06-04 10:38 - 2014-06-04 09:28 - 00033742 _____ () C:\Users\MARG\Desktop\Files - OneDrive.url.xlsx
2014-06-04 09:26 - 2014-06-04 09:26 - 00033749 _____ () C:\Users\MARG\Documents\SHIFTS WORKED.xlsx
2014-06-03 11:42 - 2014-01-27 21:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-03 11:35 - 2014-03-01 13:31 - 00050464 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx64.sys
2014-06-03 02:18 - 2014-06-03 02:09 - 282995130 _____ () C:\Users\MARG\Downloads\Rookie.Blue.S05E03.HDTV.x264-2HD.mp4
2014-06-02 09:42 - 2014-06-02 09:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 01:43 - 2014-05-26 21:50 - 00000000 ____D () C:\Users\MARG\Downloads\Orphan Black Season 1
2014-05-31 17:42 - 2014-05-31 02:55 - 97955332 _____ () C:\Users\MARG\Downloads\A.Haunting.S01E06.Darkness.Follows.divx
2014-05-31 02:55 - 2014-05-31 02:45 - 114593808 _____ () C:\Users\MARG\Downloads\A.Haunting.S01E05.Echoes.From.the.Grave.divx
2014-05-31 02:45 - 2014-05-31 02:36 - 96529012 _____ () C:\Users\MARG\Downloads\A.Haunting.S01E04.Cursed.divx
2014-05-31 02:43 - 2013-08-22 13:08 - 00703992 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-31 02:43 - 2013-08-22 13:08 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-31 02:26 - 2014-02-04 03:16 - 00009728 _____ () C:\Users\MARG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-29 20:27 - 2014-05-28 07:38 - 00000000 ____D () C:\ProgramData\Avg_Update_0414c
2014-05-29 20:19 - 2014-05-29 20:19 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-05-29 20:19 - 2014-05-29 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-05-29 20:19 - 2014-05-29 20:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-05-29 20:19 - 2014-05-29 20:18 - 00000000 ____D () C:\Program Files\iTunes
2014-05-29 20:19 - 2014-05-29 20:18 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-29 20:18 - 2014-05-29 20:18 - 00000000 ____D () C:\Program Files\iPod
2014-05-28 20:51 - 2014-05-28 20:47 - 305075579 _____ () C:\Users\MARG\Downloads\24.S09E02.HDTV.x264-LOL.mp4
2014-05-28 20:50 - 2014-05-28 20:47 - 376732964 _____ () C:\Users\MARG\Downloads\24.S09E01.HDTV.x264-LOL.mp4
2014-05-28 20:37 - 2014-05-28 20:35 - 271394927 _____ () C:\Users\MARG\Downloads\24.S09E04.HDTV.x264-LOL.mp4
2014-05-27 10:46 - 2014-05-27 10:41 - 306574558 _____ () C:\Users\MARG\Downloads\24.S09E03.HDTV.x264-LOL.mp4
2014-05-27 10:45 - 2014-05-27 10:42 - 287820087 _____ () C:\Users\MARG\Downloads\24.S09E05.HDTV.x264-LOL.mp4
2014-05-26 03:37 - 2014-05-10 13:26 - 00000000 ____D () C:\Users\MARG\Downloads\Hawaii Five-0 2010 S04E22 HDTV x264-LOL[ettv]
2014-05-26 03:33 - 2014-05-20 22:10 - 00000000 ____D () C:\Users\MARG\Downloads\Cold Case Season 2
2014-05-26 03:33 - 2014-05-07 14:45 - 00000000 ____D () C:\Users\MARG\Downloads\Cold Case Season 1
2014-05-26 03:29 - 2014-02-03 21:15 - 00000000 ____D () C:\Users\MARG\Downloads\Runner Runner (2013) [1080p]
2014-05-24 00:28 - 2014-05-24 00:25 - 344442842 _____ () C:\Users\MARG\Downloads\Blue.Bloods.S04E22.HDTV.x264-LOL.mp4
2014-05-23 21:22 - 2013-08-22 10:55 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-23 21:08 - 2014-03-06 19:47 - 00085328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-05-23 21:08 - 2014-03-01 17:57 - 00001989 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-23 21:08 - 2014-03-01 17:56 - 01039096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-05-23 21:08 - 2014-03-01 17:56 - 00423240 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-05-23 21:07 - 2014-05-23 21:07 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-05-23 21:07 - 2014-05-23 21:07 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-05-23 21:07 - 2014-03-01 17:56 - 00334648 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-05-23 21:07 - 2014-03-01 17:56 - 00208416 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-05-23 21:07 - 2014-03-01 17:56 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-05-23 21:07 - 2014-03-01 17:56 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-05-23 21:07 - 2014-03-01 17:56 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-05-20 15:42 - 2014-05-07 20:19 - 00000000 ____D () C:\Users\MARG\Downloads\3.Days.to.Kill.2014.EXTENDED.720p.BluRay.x264-SPARKS [PublicHD]
2014-05-19 18:54 - 2013-08-08 09:37 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-05-19 18:53 - 2012-08-03 21:32 - 00000000 ____D () C:\SWSetup
2014-05-19 04:01 - 2014-06-13 02:05 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-05-19 03:51 - 2014-06-13 02:05 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-05-19 02:53 - 2014-06-13 02:05 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-05-18 09:36 - 2014-01-26 20:14 - 00000000 ___RD () C:\Users\MARG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-18 09:36 - 2014-01-26 20:14 - 00000000 ___RD () C:\Users\MARG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-18 09:34 - 2013-08-22 13:06 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 09:34 - 2013-08-22 13:06 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-18 09:34 - 2013-08-22 13:06 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-18 09:34 - 2013-08-22 13:06 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-18 09:34 - 2013-08-22 13:06 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-18 09:12 - 2013-08-22 13:06 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-18 08:58 - 2013-08-22 10:55 - 00000167 _____ () C:\WINDOWS\win.ini

Some content of TEMP:
====================
C:\Users\MARG\AppData\Local\Temp\Extract.exe
C:\Users\MARG\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-05 10:35

==================== End Of Log ============================

Here is the 2nd Log File:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by MARG at 2014-06-14 08:58:06
Running from C:\Users\MARG\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31395 - BitTorrent Inc.)
4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Accelerated Video Transcoding (Version: 12.10.100.30416 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{DEC772E6-D0C7-9964-5D30-DEC57EF1B26F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0416.2337.40605 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0416.2338.40605 - Advanced Micro Devices, Inc.) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.6.7225 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.6.7225 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.6.3728 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.4.4824 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.6.3821 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.3.3709 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.3.3907 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD09282B-E878-4C2C-914D-E67475E4729C}) (Version:  - Microsoft)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 96) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
OEM Application Profile (HKLM-x32\...\{548083DD-D99B-2CE1-8D2B-D78BEB834F7A}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plex Media Server (HKLM-x32\...\{e9921c42-812d-4b39-9c02-612724349e82}) (Version: 0.9.907 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.907 - Plex, Inc.) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{931210CE-36BC-BB05-9559-D2320932312E}) (Version: 11.0.738.3 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6950 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D8C78DED-3543-449A-8E3E-9391643EBB0E}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D8C78DED-3543-449A-8E3E-9391643EBB0E}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D8C78DED-3543-449A-8E3E-9391643EBB0E}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881014) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D8C78DED-3543-449A-8E3E-9391643EBB0E}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9F71CF8-8310-4EFC-869F-47BC0FEE269D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2878313) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{98821750-2C79-4A07-9AE9-D2536FD9491D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F6CE638B-5A06-4EDD-A1FA-BFA827D14071}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{927B47DF-91B2-4EBF-9B66-43B2C95E41BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880991) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{E3852353-AB54-4642-B25F-6E9EB106388B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F0B3B3E0-40AC-4339-83F7-735DD302ADDE}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F0B3B3E0-40AC-4339-83F7-735DD302ADDE}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F0B3B3E0-40AC-4339-83F7-735DD302ADDE}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881018) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F0B3B3E0-40AC-4339-83F7-735DD302ADDE}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D2CD59AB-CA83-44D4-AEF8-E49A3FE8FD7F}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D2CD59AB-CA83-44D4-AEF8-E49A3FE8FD7F}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2880458) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D2CD59AB-CA83-44D4-AEF8-E49A3FE8FD7F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881000) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3F7B995-360E-406A-B74B-5EA682159985}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881000) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{D3F7B995-360E-406A-B74B-5EA682159985}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2837632) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{97183E08-6B06-40F1-80A9-585C4AEF98F1}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881005) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{125BAFEC-EB26-45C3-B97A-475162C6BDC0}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

11-06-2014 00:15:19 Plex Media Server
12-06-2014 16:56:15 HPSF Restore Point

==================== Hosts content: ==========================

2013-08-22 10:55 - 2013-08-22 10:55 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0042D888-D3C1-4369-9ADA-CF3ACC242781} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0F61F86D-8D03-4F3B-9CBD-0FDC841134B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {19737D1F-4294-4508-9BCF-E963B20048CC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-01-29] (Synaptics Incorporated)
Task: {1DF45269-45B4-4F1E-B8B8-1884A20C3338} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {289F5B7F-DBA1-4A42-B87B-B298C23846B3} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2D34016E-2C26-4CE6-BF5D-7403465E2BE3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3BF6CA3A-9A69-4F84-B671-AD7BF428F39A} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: {4170C767-F4EA-4E1E-B301-3A14820FA186} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5B7B7877-092C-4FEE-A024-7EB41960C6E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {60B3BC6B-3068-4C42-A2A3-6F0319B94FEB} - System32\Tasks\HPCeeScheduleForMARG => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {76CFEFCD-B64C-4B87-A0DC-D32E354CAB08} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {76FA5E68-FC2D-41A6-BF72-D5F7899FB96C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-13] (Microsoft Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {99C4B590-46BB-4584-AC33-097498CD1E1C} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {9EF5FF67-277E-4383-AEDC-D98C3799F5A4} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AD804461-434A-4AAE-A105-9E798E9471D2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {BB68D2B0-5319-449B-BAC1-35652BEC5472} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {C0A0FB2D-DB5B-4C5F-B1E1-0B9D282E6E74} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {C4FA30A3-FDB5-4D58-AFA5-304AAC2A0109} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-21] ()
Task: {C5F33B02-8BB9-4AF8-AA8E-87FA420469F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D08863D2-15DE-426F-A4BA-BB8BBEB942FE} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DEC3702C-566C-4B19-A1B0-E18CBB2436DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {DFD596C9-585F-4C96-A524-CB008A3DC64C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {E5AB0801-7593-47B1-9512-B5448F1BE9B4} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1413521496-215779930-569090779-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EE0D7939-68DE-411E-A325-6F7C566A1D5D} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {F1CA1158-A995-4134-A930-EF32B2DFF0E6} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-21] ()
Task: {F47C79B0-B758-4DBC-B3C6-A98A89E58A27} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-23] (AVAST Software)
Task: {FE08D680-BEDC-438F-88A5-CF12BCB63535} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MARGS-HP-MARG MARGS-HP => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-04-08] (Microsoft Corporation)
Task: {FFD312DF-5B7B-43DD-8552-48AFF2063D48} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMARG.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe

==================== Loaded Modules (whitelisted) =============

2014-05-14 08:15 - 2014-05-14 08:15 - 08890536 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-05-14 22:03 - 2013-05-14 22:03 - 00371448 _____ () C:\Windows\system32\BsExtendFunc.dll
2013-05-14 22:03 - 2013-05-14 22:03 - 00029432 _____ () C:\Windows\system32\BsTrace.dll
2013-05-14 22:03 - 2013-05-14 22:03 - 00016632 _____ () C:\Windows\system32\BsHelpCSps.dll
2013-05-14 22:03 - 2013-05-14 22:03 - 00062200 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2014-04-21 16:36 - 2014-04-21 16:36 - 02725912 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
2013-04-17 04:20 - 2013-04-17 04:20 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-04-17 04:20 - 2013-04-17 04:20 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-11-14 22:18 - 2013-11-14 22:18 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-05-23 08:05 - 2014-05-23 08:05 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-06-13 13:53 - 2014-06-13 13:53 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061300\algo.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-14 22:03 - 2013-05-14 22:03 - 00029432 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2013-05-14 22:03 - 2013-05-14 22:03 - 00016632 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2013-05-14 22:03 - 2013-05-14 22:03 - 00062200 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2013-05-24 14:52 - 2013-05-24 14:52 - 00334648 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2011-07-05 15:23 - 2011-07-05 15:23 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2014-03-12 19:56 - 2014-03-12 19:56 - 00840840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-03-12 19:56 - 2014-03-12 19:56 - 00051848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-03-12 19:56 - 2014-03-12 19:56 - 00089224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-03-12 19:56 - 2014-03-12 19:56 - 07605400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-54.dll
2014-03-12 19:56 - 2014-03-12 19:56 - 01453720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-54.dll
2014-03-12 19:56 - 2014-03-12 19:56 - 00202392 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-52.dll
2014-03-12 19:56 - 2014-03-12 19:56 - 00352920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\swscale-2.dll
2014-03-12 19:57 - 2014-03-12 19:57 - 00507528 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-03-12 19:57 - 2014-03-12 19:57 - 08495240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2014-03-12 19:57 - 2014-03-12 19:57 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-03-12 19:56 - 2014-03-12 19:56 - 00195720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-03-12 19:56 - 2014-03-12 19:56 - 00952968 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2014-03-12 19:56 - 2014-03-12 19:56 - 01291400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2014-03-12 19:56 - 2014-03-12 19:56 - 01038984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2014-03-12 19:57 - 2014-03-12 19:57 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-03-12 19:57 - 2014-03-12 19:57 - 00045192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-03-12 19:57 - 2014-03-12 19:57 - 00028808 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-03-12 19:57 - 2014-03-12 19:57 - 00019080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-03-12 19:57 - 2014-03-12 19:57 - 00032392 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-03-12 19:57 - 2014-03-12 19:57 - 00836744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-03-12 19:56 - 2014-03-12 19:56 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-03-12 19:56 - 2014-03-12 19:56 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-03-12 19:57 - 2014-03-12 19:57 - 00192648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-03-12 19:57 - 2014-03-12 19:57 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-03-12 19:57 - 2014-03-12 19:57 - 00056456 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-03-12 19:57 - 2014-03-12 19:57 - 00018056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-03-12 19:57 - 2014-03-12 19:57 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-03-12 19:57 - 2014-03-12 19:57 - 00083080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-03-12 19:57 - 2014-03-12 19:57 - 00111752 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-03-12 19:57 - 2014-03-12 19:57 - 00692360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2014-03-01 17:55 - 2014-03-01 17:55 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-14 22:19 - 2013-11-14 22:19 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\MARG\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKCU\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKCU\...\StartupApproved\Run: => "swg"
HKCU\...\StartupApproved\Run: => "Power2GoExpress8"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/13/2014 06:11:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 408

Start Time: 01cf874724c0bced

Termination Time: 4294967295

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

Report Id: 18e238d9-f33b-11e3-befb-8056f26390d0

Faulting package full name: Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nnt

Faulting package-relative application ID: App

Error: (06/13/2014 01:56:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AppleIEDAV.exe, version: 1.2.12.0, time stamp: 0x52867716
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x5308893d
Exception code: 0xc0000005
Fault offset: 0x00040d37
Faulting process id: 0x14ac
Faulting application start time: 0xAppleIEDAV.exe0
Faulting application path: AppleIEDAV.exe1
Faulting module path: AppleIEDAV.exe2
Report Id: AppleIEDAV.exe3
Faulting package full name: AppleIEDAV.exe4
Faulting package-relative application ID: AppleIEDAV.exe5

Error: (06/12/2014 11:49:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(70:de:e2:a9:eb:6e@fe80::72de:e2ff:fea9:eb6e._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

System errors:
=============
Error: (06/14/2014 08:37:19 AM) (Source: DCOM) (EventID: 10010) (User: MARGS-HP)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (06/14/2014 08:34:17 AM) (Source: DCOM) (EventID: 10010) (User: MARGS-HP)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (06/14/2014 08:33:15 AM) (Source: DCOM) (EventID: 10010) (User: MARGS-HP)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (06/14/2014 08:31:35 AM) (Source: DCOM) (EventID: 10010) (User: MARGS-HP)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (06/14/2014 08:31:03 AM) (Source: DCOM) (EventID: 10010) (User: MARGS-HP)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (06/13/2014 03:29:40 PM) (Source: DCOM) (EventID: 10010) (User: MARGS-HP)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (06/13/2014 03:29:03 PM) (Source: DCOM) (EventID: 10010) (User: MARGS-HP)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (06/13/2014 03:22:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/13/2014 03:11:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Error: (06/13/2014 03:00:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%127

Microsoft Office Sessions:
=========================
Error: (06/13/2014 06:11:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: backgroundTaskHost.exe6.3.9600.1638440801cf874724c0bced4294967295C:\WINDOWS\system32\backgroundTaskHost.exe18e238d9-f33b-11e3-befb-8056f26390d0Facebook.Facebook_1.3.0.9_x64__8xx8rvfyw5nntApp

Error: (06/13/2014 01:56:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AppleIEDAV.exe1.2.12.052867716ntdll.dll6.3.9600.170315308893dc000000500040d3714ac01cf86bfa24c7365C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exeC:\WINDOWS\SYSTEM32\ntdll.dlleafcc4fa-f2b2-11e3-befb-8056f26390d0

Error: (06/12/2014 11:49:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(70:de:e2:a9:eb:6e@fe80::72de:e2ff:fea9:eb6e._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

CodeIntegrity Errors:
===================================
  Date: 2014-06-13 01:54:55.462
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-07 23:38:55.814
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-06 22:06:39.212
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-06 20:51:47.524
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-06 12:24:38.321
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-05 12:05:11.008
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-05 12:01:47.016
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-05 11:46:37.613
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-04 22:58:26.608
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-06-04 16:19:51.184
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 7366.26 MB
Available physical RAM: 5200.17 MB
Total Pagefile: 8518.26 MB
Available Pagefile: 6067.32 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:906.36 GB) (Free:729.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.04 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: BC9E3119)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

 

I am off for a snooze now for 8 or 9 hours, then back to work again :bananas: 

 

 

Thank you

 

Marg - AKA, Lambshots


Edited by xXToffeeXx, 14 June 2014 - 07:05 AM.
Removed formatting from log to make it easier to read
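An added example, not part of the original post or of the tool that produced the log: a small Python summarizer for the event-log sections of a log laid out like the one above. It collapses repeated entries into one finding with a count and first/last-seen time, and ignores the "Microsoft Office Sessions" block, which in this log repeats the application errors. The sample text is constructed from entries in the log above, and all function names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample: entries abridged from the log above, same layout.
SAMPLE_LOG = r"""
Application errors:
==================
Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

System errors:
=============
Error: (06/14/2014 08:37:19 AM) (Source: DCOM) (EventID: 10010) (User: MARGS-HP)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (06/13/2014 03:29:40 PM) (Source: DCOM) (EventID: 10010) (User: MARGS-HP)
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Microsoft Office Sessions:
=========================
Error: (06/12/2014 11:46:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

CodeIntegrity Errors:
===================================
  Date: 2014-06-13 01:54:55.462
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system.

  Date: 2014-06-07 23:38:55.814
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\BtAudioBus.sys because file hash could not be found on the system.
"""

SECTION_RE = re.compile(r"^([^\n:=]+):[ \t]*\n=+[ \t]*$", re.M)
EVENT_RE = re.compile(
    r"^Error: \(([^)]*)\) \(Source: ([^)]*)\) \(EventID: (\d+)\) \(User: [^)]*\)[ \t]*\n"
    r"Description: (.*)$", re.M)
CI_RE = re.compile(
    r"^[ \t]*Date: ([\d-]+ [\d:.]+)[ \t]*\n[ \t]*Description: Windows is unable to verify "
    r"the image integrity of the file (.+?) because ([^.\n]+)\.", re.M)

def split_sections(log_text):
    """Map each 'Name:' heading underlined with '=' to the text that follows it."""
    heads = list(SECTION_RE.finditer(log_text))
    sections = {}
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(log_text)
        sections[head.group(1).strip()] = log_text[head.end():end]
    return sections

def _bump(table, key, when, note):
    """Count one occurrence of key and widen its first/last-seen window."""
    f = table.setdefault(key, {"count": 0, "first": when, "last": when, "notes": set()})
    f["count"] += 1
    f["first"], f["last"] = min(f["first"], when), max(f["last"], when)
    f["notes"].add(note)

def summarize_events(log_text, wanted=("Application errors", "System errors")):
    """Group event-log errors by (source, event id); other sections are ignored."""
    table = {}
    for name, body in split_sections(log_text).items():
        if name in wanted:  # skips the repeated "Microsoft Office Sessions" block
            for when, source, event_id, desc in EVENT_RE.findall(body):
                stamp = datetime.strptime(when, "%m/%d/%Y %I:%M:%S %p")
                _bump(table, (source, int(event_id)), stamp, desc.strip())
    return table

def summarize_codeintegrity(log_text):
    """Group CodeIntegrity errors by the file Windows could not verify."""
    table = {}
    body = split_sections(log_text).get("CodeIntegrity Errors", "")
    for when, path, reason in CI_RE.findall(body):
        _bump(table, path, datetime.strptime(when, "%Y-%m-%d %H:%M:%S.%f"), reason)
    return table

if __name__ == "__main__":
    merged = {**summarize_events(SAMPLE_LOG), **summarize_codeintegrity(SAMPLE_LOG)}
    for key, f in merged.items():
        print(f"{f['count']:>3}x  {key}  {f['first']} .. {f['last']}")
```
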


#5 Lambshots


Posted 14 June 2014 - 06:42 AM

I forgot to mention that I have Back-Up Discs for my Windows 8, 64 Bit System that I did when I first got my laptop.  When I set up my laptop there was a pop-up window suggesting that I do this, so I did.

 

Marg :thumbup2: 



#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:06:57 AM

Posted 14 June 2014 - 03:52 PM

Hi Lambshots,
 
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
 
If you wish to keep it, please do not use it until your computer is cleaned.
 
--------------
 
WildTangent Program Warning:
Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it's not technically considered spyware, it does have built-in components to update itself and gather information about the computer system including:

  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
  • Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
  • Location that the Web Driver was installed from

For that reason I would suggest you uninstall it via add/remove.
 
--------------

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete!
  • Click Continue
  • Click Reboot computer
  • Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • TDSSKiller log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 Lambshots


Posted 15 June 2014 - 07:08 PM

Hi Toffee, I am having trouble pasting this report. I have tried half a dozen times and it keeps saying "Saving Post" and it doesn't. Once it said "Timed Out". I will give her another go.

 

Tnx

 

Lambshots



#8 Lambshots


Posted 15 June 2014 - 07:30 PM

Hi Toffee, sorry I am just getting around to doing this now. I tried to paste it here yesterday before I went to work but it was taking so long. I think I did this correctly and there were 2 threats found. Even while doing the scan I was getting an Avast pop-up window saying "Threat found: URL:Mal". I did uninstall uTorrent and Wild Tangent as well. I couldn't post the report so I attached it.

 

Thank you

 

Lambshots



#9 Lambshots


Posted 16 June 2014 - 07:13 AM

It won't let me post the report; it keeps saying the report is too long.

 

Tnx

 

Lambshots



#10 Lambshots


Posted 16 June 2014 - 07:47 AM

Hi Toffee, I had to attach it as a Zip file.

 

Tnx

 

Lambshots




#11 xXToffeeXx


Posted 16 June 2014 - 10:07 AM

Hi Lambshots,

 

Thank you for attaching that.

 

What are you doing when the URL:Mal detections appear, and what URL is it reporting?

 

xXToffeeXx~




#12 Lambshots


Posted 16 June 2014 - 02:28 PM

Most of the time that window pops up saying "Threat has been detected URL:Mal generic" (something or other about Avast), and most times I am doing nothing on the laptop at all, just sitting here and it will pop up.

 

Tnx

 

Lambshots



#13 Lambshots


Posted 16 June 2014 - 04:33 PM

This is the most recent message I got on my Avast pop up window:

 

Threat Detected: Avast has blocked a threat your computer is safe

 

 http:/.../generic?cid=CompID=0414cmid=ui

 

Tnx

 

Lambshots



#14 xXToffeeXx


Posted 17 June 2014 - 11:09 AM

Hi Lambshots,

 

Download Temp File Cleaner (TFC):

  • Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

 

Any better on the url:mal detections after running TFC?

 

xXToffeeXx~




#15 Lambshots


Posted 18 June 2014 - 07:57 AM

Oh Boy ... I am still getting the url:mal detections even after running TFC.

 

:killcomp: 

 

Lambshots





