
DefaultTab et alia removal help needed



FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-06-2014 02

Ran by Joan (administrator) on JOANNEWPC on 28-06-2014 14:53:14
Running from C:\Users\Joan\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\28261ef1e6c284f4b98994e76635f7a5\windowsstoresetupbox.exe
(Microsoft Corporation) C:\$Windows.~BT\Sources\SetupHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [ATLauncher] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
HKLM-x32\...\Run: [ATUninstallIcon] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3786986804-1084309202-95179443-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272640 2012-09-12] (Microsoft Corporation)
HKU\S-1-5-21-3786986804-1084309202-95179443-1001\...\Run: [GoogleChromeAutoLaunch_26D3DCC4CA004519E62DF1DF05F27160] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-3786986804-1084309202-95179443-1001\...\Run: [spotify] => C:\Users\Joan\AppData\Roaming\Spotify\Spotify.exe [4640768 2013-07-05] (Spotify Ltd)
HKU\S-1-5-21-3786986804-1084309202-95179443-1001\...\Run: [spotify Web Helper] => C:\Users\Joan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-05] (Spotify Ltd)
HKU\S-1-5-21-3786986804-1084309202-95179443-1001\...\Run: [MobileAppSync] => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
HKU\S-1-5-21-3786986804-1084309202-95179443-1001\...\Run: [Google Update] => C:\Users\Joan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-24] (Google Inc.)
HKU\S-1-5-21-3786986804-1084309202-95179443-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-3786986804-1084309202-95179443-1001\...\MountPoints2: {afcff34e-76f4-11e3-bec6-50465d403dbd} - "G:\setup.exe" -a
HKU\S-1-5-21-3786986804-1084309202-95179443-1001\...\MountPoints2: {f7dbfa4a-87a7-11e3-becb-50465d403dbd} - "F:\TL-Bootstrap.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: MOBK -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK2 -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK3 -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {FFA2FE5D-D6FE-475F-8AA4-28C9CAD13FD5} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF ProfilePath: C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\smupq7gn.default
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A111US0&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @ei.UtilityChest_49.com/Plugin - C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\NP49EISB.dll (Utility Chest)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Joan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Joan\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\smupq7gn.default\searchplugins\conduit-search-1.xml
FF SearchPlugin: C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\smupq7gn.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension: Add Google Search To New Tab Page - C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\smupq7gn.default\Extensions\newtabgoogle@graememcc.co.uk.xpi [2013-05-02]
FF Extension: Pinterest Pin Button - C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\smupq7gn.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2013-05-02]
FF Extension: Adblock Plus - C:\Users\Joan\AppData\Roaming\Mozilla\Firefox\Profiles\smupq7gn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-21]
FF HKLM-x32\...\Firefox\Extensions: [12x3q@3244516.com] - C:\Program Files (x86)\Better-Surf\ff
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-03-03]
 
Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3324316&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPDABCB3C1-6FA6-4A9A-92DA-21A3F99A9023&SSPV=
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (IntelÃÂî Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (IntelÃÂî Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Utility Chest Installer Plugin Stub) - C:\Program Files (x86)\UtilityChest_49EI\Installr\1.bin\NP49EISB.dll (Utility Chest)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (AdBlock) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-14]
CHR Extension: (Google Wallet) - C:\Users\Joan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Joan\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-07-04]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-07-04]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Joan\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-07-04]
CHR HKLM-x32\...\Chrome\Extension: [pfcacakmgoekhdobplhklokajckccpaf] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1555\ch\MediaViewerV1alpha1555.crx [2013-07-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
S3 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
S3 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [30080 2012-09-30] (Intel Corporation)
S3 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [37760 2012-09-30] (Intel Corporation)
S3 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R3 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-04-03] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-10-22] (VIA Technologies, Inc.)
S3 WakeupService; C:\Program Files\ASUS\ASUS VivoBook\ASUSWakeupService.exe [42336 2012-11-16] (ASUSTek Computer Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 ATP; C:\Windows\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-04-03] (McAfee, Inc.)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-09-30] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-09-30] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-09-30] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96576 2012-09-30] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [229184 2012-09-30] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [363328 2012-09-30] (Intel Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-30] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [177544 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311856 2014-04-03] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [784760 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [441264 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [346760 2014-04-03] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
U0 msahci; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-28 14:53 - 2014-06-28 14:54 - 00028034 _____ () C:\Users\Joan\Downloads\FRST.txt
2014-06-28 14:52 - 2014-06-28 14:53 - 00000000 ____D () C:\FRST
2014-06-28 14:51 - 2014-06-28 14:51 - 02083328 _____ (Farbar) C:\Users\Joan\Downloads\FRST64.exe
2014-06-28 14:47 - 2014-06-28 14:47 - 00265752 _____ (Secure By Design Inc.) C:\Users\Joan\Downloads\Ninite Picasa Installer (1).exe
2014-06-28 14:45 - 2014-06-28 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-28 14:45 - 2014-06-28 14:45 - 00001126 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-06-28 14:44 - 2014-06-28 14:44 - 00265752 _____ (Secure By Design Inc.) C:\Users\Joan\Downloads\Ninite Picasa Installer.exe
2014-06-28 12:11 - 2014-06-28 12:15 - 00000181 _____ () C:\Windows\wininit.ini
2014-06-28 11:44 - 2014-06-28 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-28 02:50 - 2014-06-28 02:50 - 00003182 _____ () C:\Windows\System32\Tasks\{52791A85-96E3-4940-B425-1EA1C14BA769}
2014-06-28 02:49 - 2014-06-28 02:49 - 00001360 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-06-28 02:49 - 2014-06-28 02:49 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-06-28 02:49 - 2014-06-28 02:49 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Foxit Software
2014-06-28 02:49 - 2014-06-28 02:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-06-28 02:49 - 2014-06-28 02:49 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-06-28 02:48 - 2014-06-28 02:48 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-28 02:48 - 2014-06-28 02:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-28 02:48 - 2014-06-28 02:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-28 02:48 - 2014-06-28 02:48 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-28 02:48 - 2014-06-28 02:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-06-28 02:48 - 2014-06-28 02:48 - 00000000 ____D () C:\Program Files\Java
2014-06-28 02:48 - 2014-06-28 02:48 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-06-28 02:48 - 2014-06-28 02:48 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-06-28 02:48 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\system32\cpwmon64.dll
2014-06-28 02:47 - 2014-06-28 02:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-28 02:47 - 2014-06-28 02:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-28 02:47 - 2014-06-28 02:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-28 02:47 - 2014-06-28 02:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-28 02:47 - 2014-06-28 02:47 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-06-28 02:47 - 2014-06-28 02:47 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-06-28 02:47 - 2014-06-28 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-28 02:47 - 2014-06-28 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-28 02:47 - 2014-06-28 02:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-28 02:46 - 2014-06-28 02:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-28 02:46 - 2014-06-28 02:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-28 02:45 - 2014-06-28 02:45 - 00265752 _____ (Secure By Design Inc.) C:\Users\Joan\Downloads\Ninite Air CutePDF Foxit Reader Java Installer.exe
2014-06-28 02:44 - 2014-06-28 02:44 - 02003352 _____ (Acro Software Inc. ) C:\Users\Joan\Downloads\CuteWriter.exe
2014-06-28 02:06 - 2014-06-28 14:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 02:04 - 2014-06-28 12:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-28 02:04 - 2014-06-28 02:08 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-28 02:04 - 2014-06-28 02:04 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-28 02:04 - 2014-06-28 02:04 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-28 02:04 - 2014-06-28 02:04 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 02:04 - 2014-06-28 02:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-28 02:04 - 2014-06-28 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-28 02:04 - 2014-06-28 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 02:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-28 02:03 - 2014-06-28 02:47 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-28 02:03 - 2014-06-28 02:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 02:03 - 2014-06-28 02:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-28 02:03 - 2014-06-28 02:03 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-28 02:03 - 2014-06-28 02:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 02:03 - 2014-05-12 08:05 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-28 02:03 - 2014-05-12 08:05 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-28 02:03 - 2014-05-12 08:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-28 02:01 - 2014-06-28 02:01 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-06-28 02:01 - 2014-06-28 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-28 01:59 - 2014-06-28 01:59 - 00001033 _____ () C:\Users\Public\Desktop\WinDirStat.lnk
2014-06-28 01:59 - 2014-06-28 01:59 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-06-28 01:59 - 2014-06-28 01:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-06-28 01:59 - 2014-06-28 01:59 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-06-28 01:57 - 2014-06-28 01:57 - 00265752 _____ (Secure By Design Inc.) C:\Users\Joan\Downloads\Ninite AdAware Malwarebytes Reader Spybot 2 VLC Installer.exe
2014-06-27 13:26 - 2014-06-27 13:26 - 00001095 _____ () C:\Users\Public\Documents\Documents - Shortcut.lnk
2014-06-27 04:04 - 2014-06-27 04:04 - 00003584 _____ () C:\Users\Joan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-26 23:28 - 2014-06-26 23:28 - 00000687 _____ () C:\awhE2BB.tmp
2014-06-26 23:22 - 2014-06-26 23:22 - 00000687 _____ () C:\awhEF0F.tmp
2014-06-25 17:54 - 2014-06-25 17:54 - 00000687 _____ () C:\awhA792.tmp
2014-06-25 17:36 - 2014-06-25 17:36 - 00000000 ___SH () C:\DkHyperbootSync
2014-06-24 21:33 - 2014-06-24 21:33 - 00002990 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-06-24 21:33 - 2014-06-24 21:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-06-24 21:33 - 2014-06-24 21:33 - 00000000 ____D () C:\Program Files\Synaptics
2014-06-23 22:26 - 2014-06-23 22:26 - 00000687 _____ () C:\awh6EBC.tmp
2014-06-19 23:53 - 2014-06-19 23:53 - 00000687 _____ () C:\awhB927.tmp
2014-06-17 22:38 - 2014-06-17 22:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 15:18 - 2014-06-17 15:18 - 00246784 _____ () C:\Windows\SysWOW64\hfpapi.dll
2014-06-17 15:18 - 2014-06-17 15:18 - 00108544 _____ () C:\Windows\SysWOW64\installd.exe
2014-06-17 15:18 - 2014-06-17 15:18 - 00108544 _____ () C:\Windows\SysWOW64\hfnapi.dll
2014-06-11 08:03 - 2014-05-03 01:47 - 03246592 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 08:03 - 2014-05-02 23:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-06-11 08:02 - 2014-05-23 22:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 08:02 - 2014-05-23 22:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 08:02 - 2014-05-23 22:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 08:02 - 2014-05-23 22:47 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-06-11 08:02 - 2014-05-23 22:47 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-06-11 08:02 - 2014-05-23 22:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 08:02 - 2014-05-23 22:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 08:02 - 2014-05-23 22:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 08:02 - 2014-05-23 22:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 08:02 - 2014-05-23 22:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 08:02 - 2014-05-23 22:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 08:02 - 2014-05-23 22:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 08:02 - 2014-05-23 22:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-11 08:02 - 2014-05-23 22:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 08:02 - 2014-05-23 22:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 08:02 - 2014-05-23 22:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 08:02 - 2014-05-23 22:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 08:02 - 2014-05-23 22:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 08:02 - 2014-05-23 22:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 08:02 - 2014-05-23 21:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 08:02 - 2014-05-23 21:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 08:02 - 2014-05-23 21:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 08:02 - 2014-05-23 21:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 08:02 - 2014-05-23 21:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 08:02 - 2014-05-23 21:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 08:02 - 2014-05-23 21:26 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-06-11 08:02 - 2014-05-23 21:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 08:02 - 2014-05-23 21:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 08:02 - 2014-05-23 21:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 08:02 - 2014-05-23 21:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 08:02 - 2014-05-23 21:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 08:02 - 2014-05-23 21:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 08:02 - 2014-05-23 21:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 08:02 - 2014-05-23 21:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-11 08:02 - 2014-05-23 21:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 08:02 - 2014-05-23 21:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 08:02 - 2014-05-23 21:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 08:02 - 2014-05-23 21:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 08:02 - 2014-05-23 18:37 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-06-11 08:02 - 2014-04-29 18:32 - 01301504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-06-11 08:02 - 2014-04-29 18:22 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-06-11 08:02 - 2014-04-03 07:19 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-06-11 08:02 - 2014-04-02 23:44 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-11 08:02 - 2014-03-31 18:08 - 00387268 _____ () C:\Windows\system32\ApnDatabase.xml
2014-06-11 08:02 - 2014-03-24 19:42 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-06-11 08:02 - 2014-03-24 18:56 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-06-11 08:01 - 2014-05-23 22:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 08:01 - 2014-05-23 21:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 08:01 - 2014-04-03 07:22 - 02233176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 08:01 - 2014-03-06 20:47 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 08:01 - 2014-03-06 20:08 - 01845760 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-06 06:47 - 2014-06-06 06:47 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
 
==================== One Month Modified Files and Folders =======
 
2014-06-28 14:54 - 2014-06-28 14:53 - 00028034 _____ () C:\Users\Joan\Downloads\FRST.txt
2014-06-28 14:53 - 2014-06-28 14:52 - 00000000 ____D () C:\FRST
2014-06-28 14:53 - 2013-09-28 20:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-28 14:52 - 2012-12-17 09:36 - 01888029 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 14:51 - 2014-06-28 14:51 - 02083328 _____ (Farbar) C:\Users\Joan\Downloads\FRST64.exe
2014-06-28 14:51 - 2014-03-18 07:47 - 00000000 ___HD () C:\$Windows.~BT
2014-06-28 14:47 - 2014-06-28 14:47 - 00265752 _____ (Secure By Design Inc.) C:\Users\Joan\Downloads\Ninite Picasa Installer (1).exe
2014-06-28 14:47 - 2014-06-28 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-28 14:45 - 2014-06-28 14:45 - 00001126 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-06-28 14:45 - 2013-01-17 20:33 - 00000000 ____D () C:\Users\Joan\AppData\Local\Google
2014-06-28 14:45 - 2013-01-17 20:33 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-28 14:44 - 2014-06-28 14:44 - 00265752 _____ (Secure By Design Inc.) C:\Users\Joan\Downloads\Ninite Picasa Installer.exe
2014-06-28 14:44 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-06-28 14:41 - 2013-01-17 15:36 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3786986804-1084309202-95179443-1001
2014-06-28 14:28 - 2014-06-28 02:06 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 14:25 - 2013-01-17 20:33 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-28 14:01 - 2014-02-15 04:40 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786986804-1084309202-95179443-1001UA1cf2a298dcbc318.job
2014-06-28 14:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-06-28 12:15 - 2014-06-28 12:11 - 00000181 _____ () C:\Windows\wininit.ini
2014-06-28 12:11 - 2014-06-28 02:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-28 12:00 - 2014-01-08 09:57 - 00003474 _____ () C:\Windows\System32\Tasks\ASUS Live Update1
2014-06-28 12:00 - 2014-01-08 09:57 - 00003464 _____ () C:\Windows\System32\Tasks\ASUS Live Update2
2014-06-28 11:44 - 2014-06-28 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-06-28 11:44 - 2013-03-03 17:45 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-06-28 02:57 - 2013-01-17 20:33 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 02:56 - 2012-08-01 21:20 - 00302400 _____ () C:\Windows\PFRO.log
2014-06-28 02:56 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-28 02:56 - 2012-07-26 01:26 - 00786432 ___SH () C:\Windows\system32\config\BBI
2014-06-28 02:52 - 2013-01-26 10:45 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-28 02:50 - 2014-06-28 02:50 - 00003182 _____ () C:\Windows\System32\Tasks\{52791A85-96E3-4940-B425-1EA1C14BA769}
2014-06-28 02:49 - 2014-06-28 02:49 - 00001360 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-06-28 02:49 - 2014-06-28 02:49 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-06-28 02:49 - 2014-06-28 02:49 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Foxit Software
2014-06-28 02:49 - 2014-06-28 02:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2014-06-28 02:49 - 2014-06-28 02:49 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-06-28 02:48 - 2014-06-28 02:48 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-28 02:48 - 2014-06-28 02:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-28 02:48 - 2014-06-28 02:48 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-28 02:48 - 2014-06-28 02:48 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-28 02:48 - 2014-06-28 02:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-06-28 02:48 - 2014-06-28 02:48 - 00000000 ____D () C:\Program Files\Java
2014-06-28 02:48 - 2014-06-28 02:48 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-06-28 02:48 - 2014-06-28 02:48 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-06-28 02:47 - 2014-06-28 02:47 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-06-28 02:47 - 2014-06-28 02:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-06-28 02:47 - 2014-06-28 02:47 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-06-28 02:47 - 2014-06-28 02:47 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-28 02:47 - 2014-06-28 02:47 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-06-28 02:47 - 2014-06-28 02:47 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-06-28 02:47 - 2014-06-28 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-06-28 02:47 - 2014-06-28 02:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-28 02:47 - 2014-06-28 02:47 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-28 02:47 - 2014-06-28 02:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-06-28 02:47 - 2013-06-04 15:41 - 00000000 ____D () C:\Users\Joan\AppData\Local\Adobe
2014-06-28 02:47 - 2013-01-17 15:29 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Adobe
2014-06-28 02:47 - 2012-08-04 21:42 - 00000000 ____D () C:\ProgramData\Adobe
2014-06-28 02:46 - 2014-06-28 02:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-06-28 02:46 - 2014-06-28 02:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-06-28 02:45 - 2014-06-28 02:45 - 00265752 _____ (Secure By Design Inc.) C:\Users\Joan\Downloads\Ninite Air CutePDF Foxit Reader Java Installer.exe
2014-06-28 02:44 - 2014-06-28 02:44 - 02003352 _____ (Acro Software Inc. ) C:\Users\Joan\Downloads\CuteWriter.exe
2014-06-28 02:28 - 2013-07-05 22:13 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\DefaultTab
2014-06-28 02:28 - 2013-02-03 15:08 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-28 02:25 - 2014-02-23 19:48 - 00000000 ____D () C:\Program Files (x86)\MediaViewerV1
2014-06-28 02:25 - 2014-02-04 12:26 - 00000000 ____D () C:\Program Files\Conduit
2014-06-28 02:25 - 2013-07-05 22:01 - 00000000 ____D () C:\Users\Joan\AppData\Local\SwvUpdater
2014-06-28 02:25 - 2013-07-05 21:59 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-06-28 02:22 - 2014-04-25 23:48 - 00000000 ____D () C:\Program Files (x86)\MediaBuzzV1
2014-06-28 02:20 - 2014-02-04 12:29 - 00000000 ____D () C:\Users\Joan\AppData\Local\genienext
2014-06-28 02:08 - 2014-06-28 02:04 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-28 02:04 - 2014-06-28 02:04 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-28 02:04 - 2014-06-28 02:04 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-06-28 02:04 - 2014-06-28 02:04 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-28 02:04 - 2014-06-28 02:04 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-06-28 02:04 - 2014-06-28 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-28 02:04 - 2014-06-28 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-28 02:04 - 2014-06-28 02:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-28 02:03 - 2014-06-28 02:03 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-28 02:03 - 2014-06-28 02:03 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-06-28 02:03 - 2014-06-28 02:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-28 02:01 - 2014-06-28 02:01 - 00001068 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-06-28 02:01 - 2014-06-28 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-06-28 02:00 - 2013-02-03 13:44 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-06-28 01:59 - 2014-06-28 01:59 - 00001033 _____ () C:\Users\Public\Desktop\WinDirStat.lnk
2014-06-28 01:59 - 2014-06-28 01:59 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-06-28 01:59 - 2014-06-28 01:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-06-28 01:59 - 2014-06-28 01:59 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-06-28 01:57 - 2014-06-28 01:57 - 00265752 _____ (Secure By Design Inc.) C:\Users\Joan\Downloads\Ninite AdAware Malwarebytes Reader Spybot 2 VLC Installer.exe
2014-06-27 13:26 - 2014-06-27 13:26 - 00001095 _____ () C:\Users\Public\Documents\Documents - Shortcut.lnk
2014-06-27 04:04 - 2014-06-27 04:04 - 00003584 _____ () C:\Users\Joan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-26 23:41 - 2013-01-17 15:28 - 00000000 ____D () C:\Users\Joan\AppData\Local\Packages
2014-06-26 23:28 - 2014-06-26 23:28 - 00000687 _____ () C:\awhE2BB.tmp
2014-06-26 23:22 - 2014-06-26 23:22 - 00000687 _____ () C:\awhEF0F.tmp
2014-06-25 19:01 - 2013-12-24 14:30 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786986804-1084309202-95179443-1001Core.job
2014-06-25 17:54 - 2014-06-25 17:54 - 00000687 _____ () C:\awhA792.tmp
2014-06-25 17:51 - 2014-01-08 09:57 - 00002008 _____ () C:\Windows\System32\Tasks\ASUS Live Update
2014-06-25 17:51 - 2012-12-17 09:52 - 00002270 _____ () C:\Windows\System32\Tasks\ASUS Patch for Touch Panel
2014-06-25 17:51 - 2012-12-17 09:32 - 00002048 _____ () C:\Windows\System32\Tasks\ASUS P4G
2014-06-25 17:50 - 2013-02-02 20:31 - 00060416 ___SH () C:\Users\Joan\Desktop\Thumbs.db
2014-06-25 17:39 - 2013-01-17 15:28 - 00000000 ____D () C:\Users\Joan
2014-06-25 17:38 - 2013-03-03 17:41 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-06-25 17:38 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-06-25 17:36 - 2014-06-25 17:36 - 00000000 ___SH () C:\DkHyperbootSync
2014-06-24 21:33 - 2014-06-24 21:33 - 00002990 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-06-24 21:33 - 2014-06-24 21:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2014-06-24 21:33 - 2014-06-24 21:33 - 00000000 ____D () C:\Program Files\Synaptics
2014-06-24 21:33 - 2012-07-26 03:21 - 00043169 _____ () C:\Windows\setupact.log
2014-06-23 22:26 - 2014-06-23 22:26 - 00000687 _____ () C:\awh6EBC.tmp
2014-06-20 10:02 - 2012-07-26 03:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-20 10:00 - 2013-01-17 15:32 - 00000401 _____ () C:\Users\Joan\AppData\Roaming\sp_data.sys
2014-06-20 10:00 - 2012-12-17 09:33 - 00000000 _____ () C:\Windows\System32\Tasks\ASUS Splendid ACMON
2014-06-20 10:00 - 2012-12-17 09:32 - 00003028 _____ () C:\Windows\System32\Tasks\ASUS USB Charger Plus
2014-06-20 10:00 - 2012-12-17 09:28 - 00000000 _____ () C:\Windows\System32\Tasks\ASUS Patch for VIA Audio
2014-06-20 09:58 - 2013-02-16 20:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-20 09:54 - 2013-05-01 23:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 23:53 - 2014-06-19 23:53 - 00000687 _____ () C:\awhB927.tmp
2014-06-19 18:56 - 2014-02-15 04:40 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786986804-1084309202-95179443-1001UA1cf2a298dcbc318
2014-06-19 18:56 - 2013-12-24 14:30 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786986804-1084309202-95179443-1001Core
2014-06-17 22:38 - 2014-06-17 22:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 21:20 - 2013-01-17 20:33 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-17 21:20 - 2013-01-17 20:33 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-17 00:18 - 2012-08-04 21:43 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-06-16 19:26 - 2014-04-21 18:30 - 00000000 ____D () C:\Users\Joan\Documents\A - Suits
2014-06-14 10:15 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-06-11 08:29 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-06-11 08:27 - 2013-08-14 15:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 08:26 - 2013-01-18 10:47 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-06 06:47 - 2014-06-06 06:47 - 04558848 _____ (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2014-06-03 01:11 - 2013-02-03 13:45 - 00000000 ____D () C:\Users\Joan\AppData\Roaming\vlc
2014-05-31 01:16 - 2012-07-26 04:14 - 00703992 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-31 01:16 - 2012-07-26 04:14 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-30 10:05 - 2013-03-07 20:54 - 00000000 ____D () C:\Users\Joan\Documents\C.I
2014-05-29 22:01 - 2013-01-19 13:51 - 00635904 ___SH () C:\Users\Joan\Downloads\Thumbs.db
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-22 05:27
 
==================== End Of Log ============================

 
Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2014 02

Ran by Joan at 2014-06-28 14:55:07
Running from C:\Users\Joan\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
 ASUS VivoBook (HKLM\...\{04FDBE69-F9FD-42A2-9008-E5CE7F60C6BE}) (Version: 1.0.22 - ASUS)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.9.145.62246 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.9.145.62246 - Alcor Micro Corp.) Hidden
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.5 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS S Series Product Demo (HKLM-x32\...\{387AA3E2-B9FE-4DA1-A097-A0D2213E8794}) (Version: 1.0.0 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0006 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defaulttab (HKLM-x32\...\DefaultTab) (Version: 2.5.0.0 - Search Results, LLC) <==== ATTENTION
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.0.429 - Foxit Corporation)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 6.0.6.1082 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2875 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Network System Driver (HKLM-x32\...\inethnfd) (Version: 1.0.0.3001 - ) <==== ATTENTION
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Spotify (HKCU\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )
 
==================== Restore Points  =========================
 
25-06-2014 01:31:50 Windows Update
28-06-2014 05:46:02 Windows Update
 
==================== Hosts content: ==========================
 
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {038E1508-3E33-4B3C-88F3-1FBFB77D9BD1} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {0951CD3D-6957-4954-9382-868F224EB685} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {0DEA5695-FF21-481A-9937-4EFFDF6EC830} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786986804-1084309202-95179443-1001Core => C:\Users\Joan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-24] (Google Inc.)
Task: {16C30B88-1592-4261-B22A-A38FFA6E1DA4} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {16DC8E1A-6E84-4848-B34A-D7632A4A072B} - System32\Tasks\DTReg => C:\Windows\system32\config\systemprofile\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1EF1A5FD-D305-4095-896F-E3E82F7D8D57} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2B677D43-F68A-4444-BA84-324EFAD3BB2F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-20] (Microsoft Corporation)
Task: {2EDA0183-B8F9-46DB-96CC-807DE2CAD251} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-17] (Google Inc.)
Task: {4030BA2B-28E6-4AD3-9967-1ECD201EF117} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {5DDA07D3-4953-406B-8633-64FC83E21BBA} - System32\Tasks\ASUS VivoBook => C:\Program Files\ASUS\ASUS VivoBook\VivoBook.exe [2012-11-21] (ASUSTeK Computer Inc.)
Task: {5DF5BD13-34EE-4222-A6A9-0507EF785665} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-06-11] (Microsoft Corporation)
Task: {654BB375-5076-45FA-BCB3-223E9EDBC1A1} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {73F572CB-2954-4A8F-BCC0-CFC3DF7C0E41} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {7775F75D-F1F6-4F3B-8618-F4ACE26B60FB} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe [2014-05-21] (Search Results, LLC)
Task: {86431B7D-8E8D-4262-821A-EBDBCA9F22DB} - System32\Tasks\ASUS Patch for Touch Panel => C:\Windows\Temp\AsTouchPanel\AsPatchTouchPanel64.exe
Task: {8ABFE636-B482-4C00-845D-F42AEDDD2959} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {94CCB0C3-2D25-4FF1-8AF4-6C8BBEA946EA} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {95D500AD-96CA-480B-8064-FDA0A8FF5C68} - System32\Tasks\ASUS Patch for VIA Audio
Task: {9F7A2DE7-8F5E-4AC8-AB74-1E2D66D91D18} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-15] (ASUSTeK Computer Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {ACE7C0A9-2392-408D-B674-19E10FA8E627} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-20] (Microsoft Corporation)
Task: {AEBB0144-C472-4A7F-86FC-2887D00DC9FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3786986804-1084309202-95179443-1001UA1cf2a298dcbc318 => C:\Users\Joan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-24] (Google Inc.)
Task: {B5150E6A-CCAD-4879-812A-AAACD9141C5F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {BA5FEFFC-C367-423B-AD6F-57A0B1FCDB10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-17] (Google Inc.)
Task: {C1A46F01-0D85-4C72-B1B9-8C8BABD757D7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {C2A33BD6-774C-469A-B24A-C0306CF985A8} - System32\Tasks\ASUS Splendid ACMON
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D3B2DA06-061A-40AC-8A64-AF9F4CB3FF30} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {EA6EA6D2-746B-4686-A751-D557BC913D91} - System32\Tasks\{3FA6BF71-1A03-408C-8E1E-9FCEB4655E8B} => Chrome.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8A11310-84F6-45F9-BE16-EADA761347D0} - System32\Tasks\{2B6F3343-B344-4DFE-BA51-16335B711DC5} => Chrome.exe http://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {FEF9CFA9-6DC2-451B-AEEA-954F079FE06E} - System32\Tasks\Microsoft\Windows\Setup\Windows Setup Resume Task => C:\$Windows.~BT\Sources\SetupHost.Exe [2014-03-29] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786986804-1084309202-95179443-1001Core.job => C:\Users\Joan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3786986804-1084309202-95179443-1001UA1cf2a298dcbc318.job => C:\Users\Joan\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-06-28 02:48 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-03-22 23:41 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-04-13 21:11 - 2010-04-13 21:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2014-05-23 13:58 - 2014-06-20 06:37 - 08890536 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-06-28 02:04 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-28 02:04 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-28 02:04 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-28 02:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-28 02:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-11-23 22:21 - 2011-11-23 22:21 - 00105576 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll
2013-04-27 11:24 - 2013-04-27 11:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2014-06-12 23:23 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 23:23 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-17 22:38 - 2014-06-17 22:38 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-12 23:23 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 23:23 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 23:23 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\Services: ADVService => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
MSCONFIG\startupreg: ATLauncher => "C:\Program Files\McAfee\MSC\OOBE\ATLauncher.exe" /createshortcuts:1
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: DptfPolicyLpmServiceHelper => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: VIAAUD => C:\Program Files (x86)\VIA\VIAudioi\VDeck\viaaud.exe
HKLM\...\StartupApproved\StartupFolder: => "Amazon Unbox.lnk"
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SearchProtectAll"
HKLM\...\StartupApproved\Run32: => "vProt"
HKCU\...\StartupApproved\StartupFolder: => "DesktopWeatherAlerts.lnk"
HKCU\...\StartupApproved\StartupFolder: => "MyPC Backup.lnk"
HKCU\...\StartupApproved\StartupFolder: => "Weather Alerts.lnk"
HKCU\...\StartupApproved\Run: => "MobileAppSync"
HKCU\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_26D3DCC4CA004519E62DF1DF05F27160"
HKCU\...\StartupApproved\Run: => "SearchProtect"
HKCU\...\StartupApproved\Run: => "Spotify"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "msnmsgr"
HKCU\...\StartupApproved\Run: => "Optimizer Pro"
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/28/2014 02:52:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (06/28/2014 02:52:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Joan\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/28/2014 02:52:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (06/28/2014 02:52:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Joan\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/28/2014 02:47:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (06/28/2014 02:47:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Joan\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/28/2014 02:47:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (06/28/2014 02:47:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Joan\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/28/2014 02:46:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (06/28/2014 02:46:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Joan\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
 
System errors:
=============
Error: (06/28/2014 02:44:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingNews.
 
Error: (06/28/2014 02:44:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: B9ECED6F.ASUSCalculator.
 
Error: (06/28/2014 02:44:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.ZuneMusic.
 
Error: (06/28/2014 02:44:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingWeather.
 
Error: (06/28/2014 02:44:01 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: microsoft.windowsphotos.
 
Error: (06/28/2014 02:43:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.BingMaps.
 
Error: (06/28/2014 02:43:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.ZuneVideo.
 
Error: (06/28/2014 02:43:22 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Microsoft.Reader.
 
Error: (06/28/2014 11:41:59 AM) (Source: DCOM) (EventID: 10010) (User: JOANNEWPC)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (06/28/2014 02:58:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AFBAgent service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (06/28/2014 02:52:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
 
Error: (06/28/2014 02:52:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Joan\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/28/2014 02:52:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
 
Error: (06/28/2014 02:52:09 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Joan\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/28/2014 02:47:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
 
Error: (06/28/2014 02:47:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Joan\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/28/2014 02:47:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
 
Error: (06/28/2014 02:47:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Joan\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (06/28/2014 02:46:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
 
Error: (06/28/2014 02:46:51 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Joan\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 59%
Total physical RAM: 3981.59 MB
Available physical RAM: 1614.4 MB
Total Pagefile: 8333.59 MB
Available Pagefile: 5908.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:31.52 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.15 GB) (Free:257.7 GB) NTFS
Drive e: (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1FEB4A9B)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 22 GB) (Disk ID: 98DF8EA7)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


Hello Macht5 and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please uninstall the following programs:

Defaulttab

Network System Driver

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh FRST log file

  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
