Did Malware removal, now wifi rarely works

bombpho · October 2, 2013

So the other day, I got an update from java on my chrome browser telling me i had to update my java before they would let me continue. I thought it was sketch at first, but I looked at it and everything seemed legit. So I updated. I ended up getting some virus that would start random sounds.

I then proceeded with malware removal (avast didnt find anything) and malwarebytes ended up finding like 110 files. now, obviously, i was in a rush, which was a mistake, and i removed everything. now my internet rarely works

My Laptop is an Intel® Core i5-3230M CPU@2.60GHz on a 64 bit operating system (I really dont know much about computers)

I really dont know what to do. Thank you for all your help, it is really appreciated.

kevinf80 · October 2, 2013

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Next,

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Let me see those logs...

bombpho · October 2, 2013

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by Nick (administrator) on NICKSLAPTOP on 02-10-2013 14:13:40

Running from C:\Users\Nick\Downloads

Windows 8 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Windows\system32\valWBFPolicyService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe

(Amazon Digital Services, LLC.) C:\Users\Nick\AppData\Local\Apps\2.0\QKQAGKZ9.TB2\EN0LAPOR.QGH\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe

() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Sun Microsystems, Inc.) C:\Users\Nick\AppData\Local\Apps\2.0\QKQAGKZ9.TB2\EN0LAPOR.QGH\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\LocalServiceJre\bin\AmazonCloudDriveW.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Nick\Downloads\FSS.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\system32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()

HKLM\...\Run: [bTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2874168 2012-09-14] (Synaptics Incorporated)

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-05-30] (IDT, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)

HKCU\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)

HKCU\...\Run: [DAEMON Tools Ultra Agent] - C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3128352 2013-06-25] (Disc Soft Ltd)

HKCU\...\Run: [Google Update] - C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-08-28] (Google Inc.)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [684024 2012-10-17] (Cisco Systems, Inc.)

HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)

HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)

HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()

HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL [253816 2013-03-12] ()

Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk

ShortcutTarget: Amazon Cloud Drive.lnk -> C:\Users\Nick\AppData\Local\Apps\2.0\QKQAGKZ9.TB2\EN0LAPOR.QGH\amaz..tion_f2fa081ea2183235_0002.0000_52f6f5477bfc400b\AmazonCloudDrive.exe (Amazon Digital Services, LLC.)

Startup: C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM-x32 - DefaultScope {096AB13F-7C18-442D-AA22-6088BD3D064C} URL =

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKCU - {096AB13F-7C18-442D-AA22-6088BD3D064C} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN35509119292399012&UM=2

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: No Name - {7F6AFBF1-E065-4627-A2FD-810366367D01} - No File

BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 138.23.146.213 138.23.201.101

Chrome:

=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()

CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Users\Nick\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

CHR Plugin: (Google Talk Plugin) - C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Nick\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)

CHR Extension: (Google Translate) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0

CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0

CHR Extension: (Docs) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0

CHR Extension: (Google Drive) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0

CHR Extension: (Turn Off the Lights) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.2.0.21_0

CHR Extension: (YouTube) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0

CHR Extension: (Adblock Plus) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0

CHR Extension: (Google Search) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0

CHR Extension: (Google Calendar) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0

CHR Extension: (Planetarium) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.2_0

CHR Extension: (AdBlock) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0

CHR Extension: (avast! Online Security) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0

CHR Extension: (Marvel Comics) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0

CHR Extension: (Website Logon) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof\6.0.100_0

CHR Extension: (Cloud Reader) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd\1.4.0_0

CHR Extension: (Texas Hold'em Poker) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlopdoomnpjlpnpkppjjeknlbjlmkjpj\0.5.3.3_0

CHR Extension: (WhiteSmoke New) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.1.24_0

CHR Extension: (Dragon Ball Z mmorpg game !) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljhjkncoceojjbadalclgdinmijjien\1.1_0

CHR Extension: (StayFocusd) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.3.12_0

CHR Extension: (Water's Valley) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhpodmbdlgmgffpgbennemfkjhhaocfl\1.1_0

CHR Extension: (3D Solar System Web) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdaaepplopehigjgkolniddiadbbkphd\0.50_0

CHR Extension: (Google Dictionary (by Google)) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0

CHR Extension: (Google Play Books) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.8_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0

CHR Extension: (Gmail) - C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx

CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx

CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx

CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx

CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Nick\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)

R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-06-25] (Disc Soft Ltd)

R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)

R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()

R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1871032 2013-03-15] (Microsoft Corporation)

R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)

R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)

R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()

R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)

R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)

R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

R3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29696 2013-08-26] (Disc Soft Ltd)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)

S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-14] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-14] (Synaptics Incorporated)

R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows ® Win 7 DDK provider)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-02 14:13 - 2013-10-02 14:13 - 00000000 ____D C:\FRST

2013-10-02 14:12 - 2013-10-01 20:41 - 00047872 _____ C:\Users\Nick\Documents\(10-2,%204,%2011)%20HesiodTheogonyTransEvelynWhite.doc_1.odt

2013-10-02 14:10 - 2013-10-02 14:11 - 01954124 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe

2013-10-02 03:02 - 2013-10-02 03:08 - 00002846 _____ C:\Users\Nick\Downloads\FSS.txt

2013-10-02 03:02 - 2013-10-02 03:02 - 00358923 _____ (Farbar) C:\Users\Nick\Downloads\FSS.exe

2013-09-30 13:52 - 2013-08-06 22:15 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll

2013-09-30 13:51 - 2013-10-02 14:13 - 00721304 _____ C:\Windows\WindowsUpdate.log

2013-09-30 04:21 - 2013-10-02 13:27 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-09-30 04:20 - 2013-10-02 13:27 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-30 04:20 - 2013-10-02 04:25 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-30 04:20 - 2013-09-30 04:20 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-09-30 04:20 - 2013-09-30 04:20 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-09-29 19:04 - 2013-09-30 00:37 - 00000000 ____D C:\Program Files (x86)\MyPC Backup

2013-09-29 19:03 - 2013-09-29 19:03 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Optimizer Pro

2013-09-29 19:02 - 2013-09-29 21:06 - 00000000 ____D C:\Users\Nick\AppData\Roaming\DefaultTab

2013-09-29 19:02 - 2013-09-29 21:06 - 00000000 ____D C:\ProgramData\eSafe

2013-09-29 19:02 - 2013-09-29 20:35 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Desk 365

2013-09-29 19:02 - 2013-09-29 19:02 - 00001062 _____ C:\Users\Nick\Desktop\Optimizer Pro.lnk

2013-09-29 19:02 - 2013-09-29 19:02 - 00000258 __RSH C:\Users\Nick\ntuser.pol

2013-09-29 16:29 - 2013-09-29 16:29 - 00000000 ____D C:\Users\Nick\Downloads\4787 - Pokemon - HeartGold Version (U)

2013-09-29 03:45 - 2013-09-29 03:45 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Mozilla

2013-09-29 02:52 - 2013-10-02 01:45 - 00040876 _____ C:\Windows\PFRO.log

2013-09-28 22:08 - 2013-09-28 22:20 - 512630363 _____ C:\Users\Nick\Downloads\TUF-18x4-SinisterGrin@primewire.ag

2013-09-27 01:38 - 2013-09-27 01:38 - 00025832 _____ C:\Users\Nick\Documents\Backup for Registry Sep 27.reg

2013-09-23 18:42 - 2013-09-23 18:42 - 00389928 _____ C:\Users\Nick\Downloads\Schedule Fall 2k13.htm

2013-09-23 18:42 - 2013-09-23 18:42 - 00000000 ____D C:\Users\Nick\Downloads\Schedule Fall 2k13_files

2013-09-22 03:05 - 2013-09-29 14:00 - 00000000 ____D C:\Users\Nick\Downloads\TV Series

2013-09-20 17:02 - 2013-09-20 17:06 - 29036456 _____ (Oracle Corporation) C:\Users\Nick\Downloads\jre-7u40-windows-i586.exe

2013-09-18 21:49 - 2013-09-18 21:57 - 00000000 ____D C:\Users\Nick\Downloads\Pokemon Light Platinum IPS app

2013-09-12 16:29 - 2013-09-12 16:29 - 00470592 _____ C:\Windows\system32\FNTCACHE.DAT

2013-09-12 12:34 - 2013-09-18 16:26 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-12 12:34 - 2013-09-18 16:26 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-11 23:47 - 2013-08-15 22:41 - 00058200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys

2013-09-11 23:47 - 2013-08-15 22:39 - 02371728 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll

2013-09-11 23:47 - 2013-08-15 22:39 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2013-09-11 23:47 - 2013-08-15 22:32 - 00209200 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2013-09-11 23:47 - 2013-08-15 22:22 - 04917760 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe

2013-09-11 23:47 - 2013-08-15 22:22 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2013-09-11 23:47 - 2013-08-15 22:21 - 03275776 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00773120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\WSSync.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\setupcln.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2013-09-11 23:47 - 2013-08-15 22:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2013-09-11 23:47 - 2013-08-15 22:20 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2013-09-11 23:47 - 2013-08-15 15:43 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2013-09-11 23:47 - 2013-08-15 15:43 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2013-09-11 23:47 - 2013-08-15 15:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll

2013-09-11 23:47 - 2013-08-15 15:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll

2013-09-11 23:47 - 2013-08-15 15:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll

2013-09-11 23:47 - 2013-08-15 15:43 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2013-09-11 23:47 - 2013-08-15 15:43 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2013-09-11 23:47 - 2013-08-15 15:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2013-09-11 23:47 - 2013-08-15 15:43 - 00083968 _____ C:\Windows\SysWOW64\OEMLicense.dll

2013-09-11 23:47 - 2013-08-15 15:43 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2013-09-11 23:47 - 2013-08-15 15:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2013-09-11 23:47 - 2013-08-15 15:42 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll

2013-09-11 23:47 - 2013-08-15 15:42 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupcln.dll

2013-09-11 23:45 - 2013-08-20 21:11 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-11 23:45 - 2013-08-20 21:11 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-11 23:45 - 2013-08-20 21:11 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-09-11 23:45 - 2013-08-20 19:05 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-09-11 23:44 - 2013-08-20 21:12 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-11 23:44 - 2013-08-20 21:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-11 23:44 - 2013-08-20 21:11 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-11 23:44 - 2013-08-20 21:11 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-11 23:44 - 2013-08-20 21:11 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2013-09-11 23:44 - 2013-08-20 21:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-09-11 23:44 - 2013-08-20 21:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-11 23:44 - 2013-08-20 21:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-11 23:44 - 2013-08-20 21:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-11 23:44 - 2013-08-20 21:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2013-09-11 23:44 - 2013-08-20 21:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-11 23:44 - 2013-08-20 21:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-09-11 23:44 - 2013-08-20 19:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-11 23:44 - 2013-08-20 19:06 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-09-11 23:44 - 2013-08-20 19:06 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-09-11 23:44 - 2013-08-20 19:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2013-09-11 23:44 - 2013-08-20 19:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-09-11 23:44 - 2013-08-20 19:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-09-11 23:44 - 2013-08-20 19:05 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-09-11 23:44 - 2013-08-20 19:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-09-11 23:44 - 2013-08-20 19:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-09-11 23:44 - 2013-08-20 19:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-09-11 23:44 - 2013-08-20 19:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-09-11 23:44 - 2013-08-20 19:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-09-11 23:44 - 2013-08-20 19:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-09-11 23:44 - 2013-08-20 18:43 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-09-11 23:44 - 2013-08-20 16:52 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2013-09-11 23:44 - 2013-07-09 01:04 - 00120144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys

2013-09-11 23:44 - 2013-07-08 23:18 - 00439488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe

2013-09-11 23:44 - 2013-07-08 21:25 - 00385768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe

2013-09-11 23:44 - 2013-07-08 20:57 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll

2013-09-11 23:44 - 2013-07-08 15:46 - 00543744 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll

2013-09-11 23:44 - 2013-07-08 15:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll

2013-09-11 23:44 - 2013-07-08 15:46 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Wwanadvui.dll

2013-09-11 23:44 - 2013-07-08 15:45 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll

2013-09-11 23:44 - 2013-07-05 17:16 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2013-09-11 23:44 - 2013-07-02 17:23 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2013-09-11 23:44 - 2013-07-02 17:23 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll

2013-09-11 23:44 - 2013-07-02 17:22 - 02839552 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll

2013-09-11 23:44 - 2013-07-02 17:22 - 01300480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-09-11 23:44 - 2013-07-02 17:11 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2013-09-11 23:44 - 2013-07-02 17:11 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll

2013-09-11 23:44 - 2013-07-02 17:10 - 02273792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll

2013-09-11 23:44 - 2013-07-01 15:08 - 00387583 _____ C:\Windows\system32\ApnDatabase.xml

2013-09-11 23:44 - 2013-06-30 15:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\openfiles.exe

2013-09-11 23:44 - 2013-06-30 15:29 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\openfiles.exe

2013-09-11 23:44 - 2013-06-28 23:15 - 00195416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys

2013-09-11 23:44 - 2013-06-28 23:15 - 00125784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys

2013-09-11 23:44 - 2013-06-28 22:43 - 00327512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys

2013-09-11 23:44 - 2013-06-28 18:12 - 01022464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-09-11 23:44 - 2013-06-25 20:01 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys

2013-09-11 23:44 - 2013-06-25 19:59 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys

2013-09-11 23:44 - 2013-06-24 15:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

2013-09-11 23:44 - 2013-06-24 15:54 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll

2013-09-11 23:44 - 2013-06-24 15:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll

2013-09-11 23:44 - 2013-06-18 22:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll

2013-09-11 23:44 - 2013-06-18 22:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll

2013-09-11 23:44 - 2013-06-18 15:38 - 00160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll

2013-09-11 23:44 - 2013-06-18 15:38 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll

2013-09-11 23:44 - 2013-06-11 16:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll

2013-09-11 23:44 - 2013-06-11 16:26 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll

2013-09-11 23:44 - 2013-06-10 14:17 - 00096512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys

2013-09-11 23:44 - 2013-06-10 12:16 - 00888832 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-09-11 23:44 - 2013-06-10 12:15 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-09-11 23:44 - 2013-06-10 12:15 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL

2013-09-11 23:44 - 2013-06-10 12:15 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-09-11 23:44 - 2013-06-10 12:10 - 00702464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-09-11 23:44 - 2013-06-10 12:10 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-09-11 23:44 - 2013-06-06 01:03 - 00119040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS

2013-09-11 23:43 - 2013-08-02 21:30 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-09-11 03:12 - 2013-09-11 03:12 - 00000000 ____D C:\Users\Nick\AppData\Roaming\DivX

2013-09-07 17:46 - 2013-09-07 17:46 - 00000000 ____D C:\Users\Nick\AppData\Local\Western Digital

2013-09-03 11:53 - 2013-09-03 11:54 - 00002611 _____ C:\Users\Public\Desktop\AllShare Control.lnk

2013-09-03 11:53 - 2013-09-03 11:53 - 00000000 ____D C:\Program Files (x86)\Samsung

2013-09-03 11:52 - 2013-09-03 11:52 - 00000000 ____D C:\ProgramData\Samsung

2013-09-03 11:52 - 2013-09-03 11:52 - 00000000 ____D C:\Program Files\SAMSUNG

2013-09-02 03:18 - 2013-09-02 03:18 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-09-02 03:18 - 2013-09-02 03:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-09-02 03:18 - 2013-09-02 03:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-09-02 03:18 - 2013-09-02 03:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-09-02 03:18 - 2013-09-02 03:18 - 00000000 ____D C:\Program Files (x86)\Java

2013-09-02 01:39 - 2013-09-02 19:57 - 00000000 ____D C:\Users\Nick\Downloads\Mystery

2013-09-02 01:34 - 2013-09-09 16:33 - 00000000 ____D C:\Users\Nick\Downloads\Emulator and Games

2013-09-02 01:33 - 2013-10-01 19:16 - 00000000 ____D C:\Users\Nick\Downloads\School

2013-09-02 01:33 - 2013-09-02 01:33 - 00000000 ____D C:\Users\Nick\Downloads\E-Books

2013-09-02 01:30 - 2013-09-02 01:31 - 00029120 _____ C:\Users\Nick\Documents\Backup for Registry Sep9.reg

2013-09-02 01:00 - 2013-09-02 01:00 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum

2013-09-02 01:00 - 2013-09-02 01:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum

2013-09-02 01:00 - 2013-09-02 01:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum

2013-09-02 00:59 - 2013-09-02 00:59 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-09-02 00:59 - 2013-08-30 00:48 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys

2013-09-02 00:59 - 2013-08-30 00:48 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys

2013-09-02 00:59 - 2013-08-30 00:48 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys

2013-09-02 00:59 - 2013-08-30 00:48 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys

2013-09-02 00:59 - 2013-08-30 00:48 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys

2013-09-02 00:59 - 2013-08-30 00:48 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys

2013-09-02 00:59 - 2013-08-30 00:48 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys

2013-09-02 00:58 - 2013-09-30 00:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-09-02 00:58 - 2013-09-18 20:36 - 00000000 _____ C:\Windows\SysWOW64\config.nt

2013-09-02 00:58 - 2013-09-02 00:58 - 00000000 ____D C:\Program Files\AVAST Software

2013-09-02 00:58 - 2013-08-30 00:48 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

2013-09-02 00:58 - 2013-08-30 00:47 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

2013-09-02 00:58 - 2013-08-30 00:47 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr

2013-09-02 00:58 - 2013-04-30 01:51 - 00040616 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys

2013-09-02 00:57 - 2013-09-02 00:58 - 00000000 ____D C:\ProgramData\AVAST Software

2013-09-02 00:40 - 2013-09-02 00:40 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Malwarebytes

2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-02 00:40 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2013-10-02 14:13 - 2013-10-02 14:13 - 00000000 ____D C:\FRST

2013-10-02 14:13 - 2013-09-30 13:51 - 00721304 _____ C:\Windows\WindowsUpdate.log

2013-10-02 14:11 - 2013-10-02 14:10 - 01954124 _____ (Farbar) C:\Users\Nick\Downloads\FRST64.exe

2013-10-02 14:10 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\sru

2013-10-02 13:44 - 2013-08-28 14:39 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-388929709-3002886532-3580485378-1001UA.job

2013-10-02 13:27 - 2013-09-30 04:21 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2013-10-02 13:27 - 2013-09-30 04:20 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-10-02 05:13 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent

2013-10-02 04:25 - 2013-09-30 04:20 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-10-02 03:18 - 2013-07-30 16:03 - 00000000 ____D C:\Users\Nick\AppData\Roaming\BitTorrent

2013-10-02 03:08 - 2013-10-02 03:02 - 00002846 _____ C:\Users\Nick\Downloads\FSS.txt

2013-10-02 03:02 - 2013-10-02 03:02 - 00358923 _____ (Farbar) C:\Users\Nick\Downloads\FSS.exe

2013-10-02 02:53 - 2013-03-06 17:33 - 00003164 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNick

2013-10-02 02:53 - 2013-03-06 17:33 - 00000352 _____ C:\Windows\Tasks\HPCeeScheduleForNick.job

2013-10-02 02:53 - 2013-02-27 03:33 - 00000000 ____D C:\Users\Nick

2013-10-02 01:45 - 2013-09-29 02:52 - 00040876 _____ C:\Windows\PFRO.log

2013-10-02 01:45 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-02 01:44 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\BBI

2013-10-01 20:41 - 2013-10-02 14:12 - 00047872 _____ C:\Users\Nick\Documents\(10-2,%204,%2011)%20HesiodTheogonyTransEvelynWhite.doc_1.odt

2013-10-01 19:16 - 2013-09-02 01:33 - 00000000 ____D C:\Users\Nick\Downloads\School

2013-10-01 18:35 - 2013-04-12 11:15 - 00000000 ____D C:\Users\Nick\Downloads\Resume for everything_files

2013-10-01 14:44 - 2013-08-28 14:39 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-388929709-3002886532-3580485378-1001Core.job

2013-10-01 14:17 - 2013-02-27 03:35 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6B3381F2-129E-4611-86AC-991A4ACE80BB}

2013-10-01 02:20 - 2013-03-03 03:15 - 00686592 ___SH C:\Users\Nick\Downloads\Thumbs.db

2013-09-30 05:02 - 2013-02-27 03:41 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-388929709-3002886532-3580485378-1001

2013-09-30 04:21 - 2013-02-27 03:46 - 00000000 ____D C:\Program Files (x86)\Google

2013-09-30 04:20 - 2013-09-30 04:20 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2013-09-30 04:20 - 2013-09-30 04:20 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2013-09-30 00:55 - 2013-09-02 00:58 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2013-09-30 00:37 - 2013-09-29 19:04 - 00000000 ____D C:\Program Files (x86)\MyPC Backup

2013-09-30 00:37 - 2013-02-27 03:35 - 00000000 ___RD C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-30 00:28 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\NDF

2013-09-29 23:17 - 2012-07-26 00:28 - 00942930 _____ C:\Windows\system32\PerfStringBackup.INI

2013-09-29 23:08 - 2013-05-11 03:55 - 00000000 ____D C:\Users\Nick\Downloads\Applications

2013-09-29 21:06 - 2013-09-29 19:02 - 00000000 ____D C:\Users\Nick\AppData\Roaming\DefaultTab

2013-09-29 21:06 - 2013-09-29 19:02 - 00000000 ____D C:\ProgramData\eSafe

2013-09-29 20:52 - 2013-08-16 03:04 - 00000000 ____D C:\Users\Nick\AppData\Roaming\vlc

2013-09-29 20:35 - 2013-09-29 19:02 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Desk 365

2013-09-29 19:03 - 2013-09-29 19:03 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Optimizer Pro

2013-09-29 19:02 - 2013-09-29 19:02 - 00001062 _____ C:\Users\Nick\Desktop\Optimizer Pro.lnk

2013-09-29 19:02 - 2013-09-29 19:02 - 00000258 __RSH C:\Users\Nick\ntuser.pol

2013-09-29 19:02 - 2012-07-26 01:12 - 00000000 ___HD C:\Windows\system32\GroupPolicy

2013-09-29 19:02 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy

2013-09-29 16:29 - 2013-09-29 16:29 - 00000000 ____D C:\Users\Nick\Downloads\4787 - Pokemon - HeartGold Version (U)

2013-09-29 14:00 - 2013-09-22 03:05 - 00000000 ____D C:\Users\Nick\Downloads\TV Series

2013-09-29 13:59 - 2013-08-27 00:26 - 00000000 ____D C:\Users\Nick\Downloads\Movies

2013-09-29 03:45 - 2013-09-29 03:45 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Mozilla

2013-09-28 22:20 - 2013-09-28 22:08 - 512630363 _____ C:\Users\Nick\Downloads\TUF-18x4-SinisterGrin@primewire.ag

2013-09-27 01:38 - 2013-09-27 01:38 - 00025832 _____ C:\Users\Nick\Documents\Backup for Registry Sep 27.reg

2013-09-25 03:59 - 2013-04-23 15:42 - 00000000 ____D C:\Users\Nick\Downloads\Comics

2013-09-23 18:42 - 2013-09-23 18:42 - 00389928 _____ C:\Users\Nick\Downloads\Schedule Fall 2k13.htm

2013-09-23 18:42 - 2013-09-23 18:42 - 00000000 ____D C:\Users\Nick\Downloads\Schedule Fall 2k13_files

2013-09-22 03:13 - 2013-07-08 03:01 - 00000000 ____D C:\Users\Nick\Downloads\Winrar Files

2013-09-20 17:06 - 2013-09-20 17:02 - 29036456 _____ (Oracle Corporation) C:\Users\Nick\Downloads\jre-7u40-windows-i586.exe

2013-09-19 08:31 - 2013-02-28 18:33 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log

2013-09-19 08:31 - 2013-02-28 18:33 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-09-18 21:57 - 2013-09-18 21:49 - 00000000 ____D C:\Users\Nick\Downloads\Pokemon Light Platinum IPS app

2013-09-18 20:36 - 2013-09-02 00:58 - 00000000 _____ C:\Windows\SysWOW64\config.nt

2013-09-18 16:26 - 2013-09-12 12:34 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-18 16:26 - 2013-09-12 12:34 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-16 16:02 - 2013-02-27 03:34 - 00000000 ____D C:\Users\Nick\AppData\Local\VirtualStore

2013-09-14 05:58 - 2013-08-16 03:08 - 00000000 ____D C:\Program Files (x86)\DivX

2013-09-14 05:58 - 2013-08-16 03:07 - 00000000 ____D C:\ProgramData\DivX

2013-09-12 18:15 - 2013-07-31 01:22 - 00000000 ____D C:\Users\Nick\Downloads\Torrents

2013-09-12 16:29 - 2013-09-12 16:29 - 00470592 _____ C:\Windows\system32\FNTCACHE.DAT

2013-09-12 13:00 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\rescache

2013-09-12 12:29 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\WinStore

2013-09-12 12:28 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\PolicyDefinitions

2013-09-12 12:28 - 2012-07-25 22:38 - 00000000 ____D C:\Windows\system32\oobe

2013-09-12 08:39 - 2012-08-03 17:02 - 00000000 ____D C:\SWSetup

2013-09-12 05:53 - 2013-07-28 21:20 - 00000000 ____D C:\Windows\system32\MRT

2013-09-12 05:51 - 2013-03-01 00:38 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-09-11 03:12 - 2013-09-11 03:12 - 00000000 ____D C:\Users\Nick\AppData\Roaming\DivX

2013-09-09 16:33 - 2013-09-02 01:34 - 00000000 ____D C:\Users\Nick\Downloads\Emulator and Games

2013-09-07 17:46 - 2013-09-07 17:46 - 00000000 ____D C:\Users\Nick\AppData\Local\Western Digital

2013-09-05 10:50 - 2012-12-22 23:56 - 00000000 ____D C:\Windows\Hewlett-Packard

2013-09-03 11:54 - 2013-09-03 11:53 - 00002611 _____ C:\Users\Public\Desktop\AllShare Control.lnk

2013-09-03 11:53 - 2013-09-03 11:53 - 00000000 ____D C:\Program Files (x86)\Samsung

2013-09-03 11:52 - 2013-09-03 11:52 - 00000000 ____D C:\ProgramData\Samsung

2013-09-03 11:52 - 2013-09-03 11:52 - 00000000 ____D C:\Program Files\SAMSUNG

2013-09-02 19:57 - 2013-09-02 01:39 - 00000000 ____D C:\Users\Nick\Downloads\Mystery

2013-09-02 04:55 - 2013-03-10 03:44 - 00000000 ____D C:\Users\Nick\Downloads\Pictures of Lady

2013-09-02 03:18 - 2013-09-02 03:18 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2013-09-02 03:18 - 2013-09-02 03:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2013-09-02 03:18 - 2013-09-02 03:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2013-09-02 03:18 - 2013-09-02 03:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-09-02 03:18 - 2013-09-02 03:18 - 00000000 ____D C:\Program Files (x86)\Java

2013-09-02 03:18 - 2013-03-09 22:04 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll

2013-09-02 03:18 - 2013-03-09 22:04 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll

2013-09-02 01:39 - 2013-04-25 03:53 - 00000000 ____D C:\Users\Nick\Downloads\Images

2013-09-02 01:33 - 2013-09-02 01:33 - 00000000 ____D C:\Users\Nick\Downloads\E-Books

2013-09-02 01:31 - 2013-09-02 01:30 - 00029120 _____ C:\Users\Nick\Documents\Backup for Registry Sep9.reg

2013-09-02 01:00 - 2013-09-02 01:00 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum

2013-09-02 01:00 - 2013-09-02 01:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum

2013-09-02 01:00 - 2013-09-02 01:00 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum

2013-09-02 00:59 - 2013-09-02 00:59 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2013-09-02 00:58 - 2013-09-02 00:58 - 00000000 ____D C:\Program Files\AVAST Software

2013-09-02 00:58 - 2013-09-02 00:57 - 00000000 ____D C:\ProgramData\AVAST Software

2013-09-02 00:56 - 2012-07-26 01:12 - 00000000 ___HD C:\Windows\ELAMBKUP

2013-09-02 00:55 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\ELAM

2013-09-02 00:51 - 2013-05-12 21:19 - 00000000 ____D C:\Users\Nick\AppData\Roaming\SearchProtect

2013-09-02 00:51 - 2013-05-12 21:19 - 00000000 ____D C:\Program Files (x86)\SearchProtect

2013-09-02 00:50 - 2013-05-12 21:18 - 00000000 ____D C:\ProgramData\Vaaudixx

2013-09-02 00:40 - 2013-09-02 00:40 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\Users\Nick\AppData\Roaming\Malwarebytes

2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-02 00:40 - 2013-09-02 00:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

Some content of TEMP:

====================

C:\Users\Nick\AppData\Local\Temp\BackupSetup.exe

C:\Users\Nick\AppData\Local\Temp\Java.exe

C:\Users\Nick\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-29 13:32

==================== End Of Log ============================

bombpho · October 2, 2013

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013

Ran by Nick at 2013-10-02 14:14:30

Running from C:\Users\Nick\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98)

Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)

AIM for Windows (HKCU)

AllShare Control (x32 Version: 1.5)

Amazon Cloud Drive (HKCU Version: 2.0.2013.841)

Amazon Kindle (HKCU)

AuthenTec TrueAPI 64-bit (Version: 1.6.0.87)

avast! Free Antivirus (x32 Version: 8.0.1497.0)

Bejeweled 3 (x32 Version: 2.2.0.98)

Bonjour (Version: 3.0.0.10)

Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98)

CCleaner (Version: 4.04)

Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.01065)

Comical 0.8 (x32)

ComicRack v0.9.168 (Version: v0.9.168)

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98)

Cradle of Rome 2 (x32 Version: 2.2.0.98)

CyberLink LabelPrint (x32 Version: 2.5.3.6326)

CyberLink Media Suite 10 (x32 Version: 10.0.3.2608)

CyberLink PhotoDirector (x32 Version: 2.0.2.3317)

CyberLink Power2Go 8 (x32 Version: 8.0.3.2527)

CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606)

CyberLink PowerDVD (x32 Version: 10.0.6.4319)

CyberLink YouCam (x32 Version: 3.5.6.6119)

D3DX10 (x32 Version: 15.4.2368.0902)

DAEMON Tools Ultra (x32 Version: 1.1.0.0103)

Defraggler (Version: 2.15)

DivX Setup (x32 Version: 2.6.1.84)

Download Updater (AOL Inc.) (x32)

Energy Star (x32 Version: 1.0.9)

Farm Frenzy (x32 Version: 2.2.0.98)

FATE: The Cursed King (x32 Version: 2.2.0.97)

Final Drive Fury (x32 Version: 2.2.0.95)

Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32)

Google Chrome (x32 Version: 30.0.1599.66)

Google Talk Plugin (x32 Version: 4.7.0.15362)

Google Update Helper (x32 Version: 1.3.21.153)

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)

House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98)

Hoyle Card Games (x32 Version: 2.2.0.95)

HP 3D DriveGuard (Version: 4.2.9.1)

HP Connected Music (Meridian - installer) (x32 Version: v1.0)

HP Connected Remote (x32 Version: 1.0.1218)

HP CoolSense (x32 Version: 2.10.51)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7)

HP Documentation (x32 Version: 1.2.0.0)

HP Games (x32 Version: 1.0.3.0)

HP Postscript Converter (Version: 3.1.3591)

HP Quick Launch (x32 Version: 3.0.6)

HP Recovery Manager (x32 Version: 8.00)

HP Registration Service (Version: 1.1.6232.4245)

HP SimplePass (x32 Version: 6.0.100.272)

HP Support Assistant (x32 Version: 7.0.39.15)

HP Utility Center (x32 Version: 1.0.8)

HP Wireless Button Driver (x32 Version: 1.0.7.1)

IDT Audio (x32 Version: 1.0.6425.0)

Intel PROSet Wireless

Intel® Management Engine Components (x32 Version: 8.1.0.1252)

Intel® Processor Graphics (x32 Version: 9.17.10.2857)

Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.5.4.0423)

Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.6.1209.0268)

Intel® Rapid Storage Technology (x32 Version: 11.5.9.1002)

Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)

Intel® WiDi (Version: 3.5.40.0)

Intel® PROSet/Wireless WiFi Software (Version: 15.05.6000.1620)

Intel® Trusted Connect Service Client (Version: 1.24.388.1)

Java 7 Update 25 (x32 Version: 7.0.250)

Java Auto Updater (x32 Version: 2.1.9.5)

Jewel Match 3 (x32 Version: 2.2.0.98)

John Deere Drive Green (x32 Version: 2.2.0.95)

Luxor Evolved (x32 Version: 2.2.0.98)

Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98)

Movie Maker (x32 Version: 16.4.3503.0728)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT110 (x32 Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1108.0727)

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4481.1510)

Office 15 Click-to-Run Licensing Component (Version: 15.0.4481.1510)

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4481.1510)

OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)

Peggle Nights (x32 Version: 2.2.0.98)

Penguins! (x32 Version: 2.2.0.98)

Photo Common (x32 Version: 16.4.3503.0728)

Photo Gallery (x32 Version: 16.4.3503.0728)

Polar Bowler (x32 Version: 2.2.0.97)

Polar Golfer (x32 Version: 2.2.0.98)

Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)

Realtek PCIE Card Reader (x32 Version: 6.2.8400.29034)

Roads of Rome 3 (x32 Version: 2.2.0.98)

Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32)

SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0)

Star Wars: The Old Republic (x32 Version: 1.00)

swMSM (x32 Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 16.2.15.0)

Tales of Lagoona (x32 Version: 2.2.0.110)

Update Installer for WildTangent Games App (x32)

Validity WBF DDK (Version: 4.4.234.0)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)

VitalSource Bookshelf (x32 Version: 5.05.0047)

VLC media player 2.0.8 (x32 Version: 2.0.8)

WildTangent Games (x32 Version: 1.0.3.0)

WildTangent Games App (x32 Version: 4.0.9.7)

Windows Live Communications Platform (x32 Version: 16.4.3503.0728)

Windows Live Essentials (x32 Version: 16.4.3503.0728)

Windows Live Installer (x32 Version: 16.4.3503.0728)

Windows Live Photo Common (x32 Version: 16.4.3503.0728)

Windows Live PIMT Platform (x32 Version: 16.4.3503.0728)

Windows Live SOXE (x32 Version: 16.4.3503.0728)

Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728)

Windows Live UX Platform (x32 Version: 16.4.3503.0728)

Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728)

WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)

WinRAR 4.20 (64-bit) (Version: 4.20.0)

Youda Jewel Shop (x32 Version: 3.0.2.32)

Zuma's Revenge (x32 Version: 2.2.0.98)

==================== Restore Points =========================

27-09-2013 17:30:50 Scheduled Checkpoint

02-10-2013 12:10:02 Windows Update

==================== Hosts content: ==========================

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B54A761-D740-4A4E-B0FA-DA5995A8A4CB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-388929709-3002886532-3580485378-1001UA => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-28] (Google Inc.)

Task: {157C1445-2E6B-4545-9378-F0BA748B216A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {2F837945-6589-44A0-B3D5-B9DF66678DC7} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)

Task: {38FB5C2F-08E9-45C5-80C8-EBDDFF40CA2B} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe

Task: {40CD09F9-4293-40EA-AA84-D7E9BD78783B} - System32\Tasks\HPCeeScheduleForNick => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)

Task: {52B21296-E217-4895-BE6E-9A3D0D474F88} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-04-05] (Microsoft Corporation)

Task: {598ECF22-3B34-4BBA-8F4C-25F5D3185B96} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)

Task: {76BA18EA-F0AF-40A4-B2F7-10AA8DB829E5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)

Task: {815796FF-E8C5-48A1-B229-43BB15DD5384} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)

Task: {83296DE9-CB69-4DD4-984E-D51320930180} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

Task: {982DD7CD-0508-4EC7-BA32-B7C66248C6D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)

Task: {9C210D7A-02BB-4DC3-ACD5-E83D630AAF82} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {AAABD624-6020-4AC4-874D-62A88B725773} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)

Task: {AACBB899-1C70-49BC-9A11-B5C3D26CCE41} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-14] (Synaptics Incorporated)

Task: {C73BBCB3-E3CA-4EC9-AD2D-E59D38F2E27F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)

Task: {CDB68BBF-5E43-41D9-93D3-78C32E6F5E35} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)

Task: {DEE2A66F-E883-45B4-937C-C0A308139669} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)

Task: {E52BDC8C-ABFB-4CC9-92D4-8AD1E2BA5BC3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-03-15] (Microsoft Corporation)

Task: {E9DAE87F-0112-4459-9E17-1C38DE9BB1EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)

Task: {ECA56463-A000-4388-91BE-34572CA1F20A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-388929709-3002886532-3580485378-1001Core => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-28] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-388929709-3002886532-3580485378-1001Core.job => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-388929709-3002886532-3580485378-1001UA.job => C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForNick.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-02-26 08:02 - 2013-04-05 06:35 - 06523456 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2012-07-26 00:55 - 2012-07-26 00:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll

2012-12-22 23:44 - 2012-09-24 15:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-10-12 17:22 - 2012-10-12 17:22 - 00120224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll

2013-02-27 03:36 - 2013-02-27 03:36 - 00120224 _____ () C:\Users\Nick\AppData\Local\assembly\dl3\N3E93ABM.0VD\PEPMR55K.D11\234a035b\008b7bc6_d8a8cd01\HPItunesModule.DLL

2012-10-12 17:22 - 2012-10-12 17:22 - 00048544 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll

2012-10-12 17:22 - 2012-10-12 17:22 - 00180224 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll

2012-10-17 10:30 - 2012-10-17 10:30 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

2013-05-13 10:35 - 2012-06-07 20:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2013-05-13 10:35 - 2013-01-27 07:13 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll

2013-05-13 10:35 - 2012-09-25 01:32 - 01320048 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\ENU\P2GRC.dll

2013-05-13 10:35 - 2013-01-27 07:13 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll

2013-02-12 19:38 - 2013-02-12 19:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll

2013-08-15 22:22 - 2013-08-15 22:22 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\580dd8b0082db602dda6a42bf4fb1b17\PSIClient.ni.dll

2012-12-22 23:43 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2013-09-30 04:21 - 2013-09-16 20:20 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libglesv2.dll

2013-09-30 04:21 - 2013-09-16 20:20 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\libegl.dll

2013-09-30 04:21 - 2013-09-16 20:21 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll

2013-09-30 04:21 - 2013-09-16 20:21 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll

2013-09-30 04:21 - 2013-09-16 20:20 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ffmpegsumo.dll

2013-09-30 04:21 - 2013-09-16 20:21 - 13611984 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll

2013-10-02 04:44 - 2013-10-02 01:28 - 02102784 _____ () C:\Program Files\AVAST Software\Avast\defs\13100200\algo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: vpnva

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: avast! SecureLine TAP Adapter

Description: avast! SecureLine TAP Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: TAP-Windows Provider V9

Service: tap0901

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

Error: (10/02/2013 02:09:49 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 98469

Error: (10/02/2013 02:09:49 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 98469

Error: (10/02/2013 02:09:49 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/02/2013 02:08:12 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1422

Error: (10/02/2013 02:08:12 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1422

Error: (10/02/2013 02:08:12 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/02/2013 02:06:46 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 899672

Error: (10/02/2013 02:06:46 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 899672

Error: (10/02/2013 02:06:46 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/02/2013 01:51:47 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1375

System errors:

=============

Error: (10/02/2013 04:43:36 AM) (Source: Service Control Manager) (User: )

Description: The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (10/02/2013 01:45:10 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)

Description: 0xc000014d0

Error: (09/30/2013 02:56:19 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (09/30/2013 02:55:49 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (09/30/2013 02:55:19 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (09/30/2013 02:16:48 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (09/30/2013 02:16:19 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (09/30/2013 02:15:48 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (09/30/2013 01:56:39 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Error: (09/30/2013 01:56:09 PM) (Source: Schannel) (User: NT AUTHORITY)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 1203.

Microsoft Office Sessions:

=========================

Error: (10/02/2013 02:09:49 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 98469

Error: (10/02/2013 02:09:49 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 98469

Error: (10/02/2013 02:09:49 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/02/2013 02:08:12 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1422

Error: (10/02/2013 02:08:12 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 1422

Error: (10/02/2013 02:08:12 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/02/2013 02:06:46 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 899672

Error: (10/02/2013 02:06:46 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 899672

Error: (10/02/2013 02:06:46 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/02/2013 01:51:47 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1375

==================== Memory info ===========================

Percentage of memory in use: 33%

Total physical RAM: 8081.27 MB

Available physical RAM: 5353.47 MB

Total Pagefile: 9297.27 MB

Available Pagefile: 5969.76 MB

Total Virtual: 8192 MB

Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:671.92 GB) (Free:464.93 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:25.95 GB) (Free:3.1 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 699 GB) (Disk ID: A50E1C7D)

Partition: GPT Partition Type

==================== End Of Log ============================

bombpho · October 2, 2013

Farbar Service Scanner Version: 13-09-2013

Ran by Nick (administrator) on 02-10-2013 at 14:26:29

Running from "C:\Users\Nick\Downloads"

Microsoft Windows 8 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is set to Demand. The default start type is Auto.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll

[2013-09-11 23:44] - [2013-06-10 12:15] - 0723968 ____A (Microsoft Corporation) 73133A0C0CA63817BFF2CB9DE65B64E7

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll

[2013-09-11 23:47] - [2013-08-15 22:21] - 3275776 ____A (Microsoft Corporation) 9DEC60D4783377097014DFCCA31E69F8

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

bombpho · October 2, 2013

Thank you so much

kevinf80 · October 2, 2013

Do not see a great deal with those logs, nothing to affect your internet connection... Ok we continue:

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Uncheck any elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review.
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted (if necessary):
Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe <- 64 bit version

Make sure to get the correct version for your system.
Quit all running programs
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
Wait until Prescan has finished...
The following EULA will appear, please select accept
Ensure MBR scan, Check faked and AntiRootkit are checked
Select Scan
When the scan completes select Report, copy and paste that to your reply.
The log should be found in RKreport[?].txt on your Desktop
Exit/Close RogueKiller

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see those logs...

bombpho · October 3, 2013

Hey, sorry for the late replies but I was on campus and well, with my laptop not connecting I could barely respond. Where is the attatched fixlist.txt? I can't find it

kevinf80 · October 3, 2013

Apologies I guess I forgot to attach that file, was a very long day...... Is attached now...

One other point, the following entry is a Bluetooth service that is in automatic so will run at boot:

HKLM\...\Run: [bTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

do you use that app?

fixlist.txt

bombpho · October 4, 2013

hey, sorry, i really needed internet so i formatted my laptop which everything was perfectly fine until a couple hours ago. still the same problem... should i repost my logs for the first 2 apps? im on my brothers laptop right now so every response is going to be pretty delayed since I'm going to need to wait until my internet gets those little sparks of workability so i can post the logs.... thanks again, youre myh only hope ( LOL)

bombpho · October 4, 2013

also, no, i dont use a bluetooth app (at least at my knowledge)

hey, if this helps, when i did the malware cleanup (when i deleted over 110 files) i think i might have deleted a registry file or a couple of them. i dont remember but I THINK i saw a registry file in the delete list (dont take my word for it though) i am doing all the transferring right now from laptop to laptop

bombpho · October 4, 2013

Here are the new logs for My reformatted laptop (ugh)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013

Ran by Nicks Laptop (administrator) on NICKS on 03-10-2013 17:40:03

Running from C:\Users\Nicks Laptop\Downloads

Windows 8 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Windows\system32\valWBFPolicyService.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe

(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe