
"HP Update" Popup on an ASUS computer?


  • This topic is locked
8 replies to this topic

#1 SHnh

SHnh

  • Members
  • 4 posts

Posted 27 March 2015 - 07:52 PM

Just now, a popup titled "HP Update" has appeared, saying: "An update is available. Would you like to download and install this update now?". I have an ASUS computer, and have never seen this before.

I'm running Windows 8.1. I also did a full system reset & reinstalled Windows a couple weeks back, but have since then installed my old programs and put my files back on this computer. I've also downloaded some files from the internet that I'd initially thought were safe, and scanned with Bitdefender.

Attached Files





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,936 posts

Posted 29 March 2015 - 08:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Attaching the Addition.txt file was fine but I would also like to see the content of the FRST.txt file that was created when you executed the Farbar tool.

Please paste it in your next reply.
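
Added example (not part of nasdaq's post and not AdwCleaner's own code): a small Python reader for the AdwCleaner v4 report format that appears later in this thread, listing the entries worth checking by hand before Clean is clicked. The sample report, the "Found" wording for scan-only reports and the review rules are assumptions of this example.

```python
import re

# Section header as it appears in the report, e.g. "***** [ Services ] *****"
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# Entry line, e.g. "Service Deleted : Name". "Found" for a scan-only
# report is an assumption of this example.
ENTRY_RE = re.compile(
    r"^(?P<kind>[A-Za-z ]+?) (?P<state>Found|Deleted) : (?P<item>.+)$"
)

# Constructed sample report (names and paths are made up for illustration).
SAMPLE_REPORT = r"""# AdwCleaner v4.113 - Logfile created 29/03/2015 at 13:35:28
# Option : Scan

***** [ Services ] *****

Service Found : ExampleHelperService

***** [ Files / Folders ] *****

Folder Found : C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
File Found : C:\WINDOWS\System32\ExampleHelperService.exe

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

*************************

AdwCleaner[R0].txt - [1310 bytes] - [29/03/2015 13:35:28]
"""


def parse_report(text):
    """Return one dict per report entry: section, kind, state, item."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and "# ..." header/footer lines
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry and section:
            entries.append({
                "section": section,
                "kind": entry.group("kind"),
                "state": entry.group("state"),
                "item": entry.group("item"),
            })
    return entries


def review_first(entries):
    """Pick system-wide entries to check by hand before cleaning.

    Heuristic of this example only: services, anything under the Windows
    directory, and machine-wide (HKLM) registry items are more likely to
    belong to a driver or OEM package than per-user browser leftovers.
    """
    flagged = []
    for e in entries:
        item = e["item"]
        if e["section"] == "Services":
            reason = "service"
        elif item.lower().startswith("c:\\windows\\"):
            reason = "file under the Windows directory"
        elif item.upper().startswith("HKLM\\"):
            reason = "machine-wide registry item"
        else:
            continue
        flagged.append(dict(e, reason=reason))
    return flagged


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(f"{len(parsed)} entries in report")
    for e in review_first(parsed):
        print(f"check before Clean ({e['reason']}): {e['kind']} -> {e['item']}")
```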

#3 SHnh

SHnh
  • Topic Starter

  • Members
  • 4 posts

Posted 29 March 2015 - 02:42 PM

AdwCleaner and FRST logs are below.
 
# AdwCleaner v4.113 - Logfile created 29/03/2015 at 13:59:01
# Updated 22/03/2015 by Xplode
# Database : 2015-03-28.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Stephanie - S-ASUS
# Running from : C:\Users\Stephanie\Downloads\adwcleaner_4.113.exe
# Option : Cleaning
 
***** [ Services ] *****
 
Service Deleted : DptfParticipantProcessorService
Service Deleted : DptfPolicyConfigTDPService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
Folder Deleted : C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm
File Deleted : C:\WINDOWS\System32\DptfParticipantProcessorService.exe
File Deleted : C:\WINDOWS\System32\DptfPolicyConfigTDPService.exe
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v41.0.2272.101
 
 
*************************
 
AdwCleaner[R0].txt - [1310 bytes] - [29/03/2015 13:35:28]
AdwCleaner[S0].txt - [1251 bytes] - [29/03/2015 13:59:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1310  bytes] ##########
 
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Stephanie (administrator) on S-ASUS on 27-03-2015 20:48:02
Running from C:\Users\Stephanie\Downloads
Loaded Profiles: Stephanie (Available profiles: Stephanie)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\DptfParticipantProcessorService.exe
() C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Stephanie\Downloads\H.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-03-17] (Bitdefender)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-939413243-1864290212-2567976273-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-03-09] (Bitdefender)
HKU\S-1-5-21-939413243-1864290212-2567976273-1001\...\Run: [GoogleChromeAutoLaunch_15A09AB4B2860ED1D468C1D57628C0D5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-14] (Google Inc.)
Startup: C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-939413243-1864290212-2567976273-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
HKU\S-1-5-21-939413243-1864290212-2567976273-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\S-1-5-21-939413243-1864290212-2567976273-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-939413243-1864290212-2567976273-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-03-09] (Bitdefender)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16] (Adobe Systems Incorporated)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-03-09] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-03-09] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-03-09] (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 64.71.255.204 64.71.255.198
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-08] (Google Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-03-09]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-03-09]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
 
Chrome: 
=======
CHR HomePage: Default -> about:blank
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-08]
CHR Extension: (Duolingo on the Web) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-03-09]
CHR Extension: (Google Docs) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-08]
CHR Extension: (Google Drive) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-08]
CHR Extension: (Adguard AdBlocker) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-03-09]
CHR Extension: (Archive Poster) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceakpicibkmdilicebgddflnfbpmcpgd [2015-03-26]
CHR Extension: (Google Search) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-08]
CHR Extension: (Bitdefender Wallet) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-03-09]
CHR Extension: (Google Sheets) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-08]
CHR Extension: (Yuki Nakano) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdppaelgdcfommlnfgoofdemjednjo [2015-03-09]
CHR Extension: (XKit) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2015-03-26]
CHR Extension: (Bookmark Manager) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-15]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2015-03-09]
CHR Extension: (WorkFlowy) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2015-03-09]
CHR Extension: (Evernote Web) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-03-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Sunrise Calendar) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2015-03-09]
CHR Extension: (Google Wallet) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-08]
CHR Extension: (Picasa) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-03-09]
CHR Extension: (Listr) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pglhaeogddlgjnomioapgkmaipnhajbj [2015-03-09]
CHR Extension: (Gmail) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-08]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [29056 2012-07-30] ()
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [30592 2012-07-30] ()
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-03-17] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-11-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-11-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-03-09] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-03-09] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-03-09] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-03-09] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2015-03-09] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [107328 2012-07-13] (Intel Corporation)
R3 DptfDevFan; C:\Windows\system32\DRIVERS\DptfDevFan.sys [42816 2012-07-13] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [64832 2012-07-13] (Intel Corporation)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [96064 2012-07-13] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [228672 2012-07-13] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [361792 2012-07-13] (Intel Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-03-17] (BitDefender LLC)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-11-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 20:48 - 2015-03-27 20:48 - 00020802 _____ () C:\Users\Stephanie\Downloads\FRST.txt
2015-03-27 20:47 - 2015-03-27 20:48 - 00000000 ____D () C:\FRST
2015-03-27 20:42 - 2015-03-27 20:42 - 02095616 _____ (Farbar) C:\Users\Stephanie\Downloads\H.exe
2015-03-27 11:11 - 2015-03-27 11:11 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Adobe
2015-03-26 22:09 - 2015-03-26 22:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-26 22:09 - 2015-03-26 22:09 - 00000000 ____D () C:\c1ebd900356495b3afd7
2015-03-26 22:09 - 2015-02-26 21:14 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-21 14:18 - 2015-03-21 14:18 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2015-03-21 14:17 - 2015-03-21 14:17 - 00527423 _____ ( ) C:\Users\Stephanie\Downloads\Lame_v3.99.3_for_Windows.exe
2015-03-21 13:29 - 2015-03-21 19:45 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Audacity
2015-03-21 13:25 - 2015-03-21 13:25 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-03-21 13:25 - 2015-03-21 13:25 - 00001021 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-03-21 13:24 - 2015-03-21 13:25 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-03-21 13:22 - 2015-03-21 13:22 - 22892794 _____ (Audacity Team ) C:\Users\Stephanie\Downloads\audacity-win-2.0.6.exe
2015-03-20 20:14 - 2015-03-27 20:19 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\HpUpdate
2015-03-20 20:14 - 2015-03-20 20:14 - 00002198 _____ () C:\Users\Public\Desktop\HP ENVY 4500 series.lnk
2015-03-20 20:14 - 2015-03-20 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-03-20 20:14 - 2013-08-13 13:42 - 00762400 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPMC511.dll
2015-03-20 20:12 - 2015-03-20 20:14 - 00000000 ____D () C:\Program Files (x86)\HP
2015-03-20 20:12 - 2015-03-20 20:12 - 00000000 ____D () C:\Program Files\HP
2015-03-20 19:59 - 2015-03-20 19:59 - 00000057 _____ () C:\ProgramData\Ament.ini
2015-03-20 19:58 - 2015-03-20 20:12 - 00000000 ____D () C:\ProgramData\HP
2015-03-20 19:54 - 2015-03-20 20:18 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\HP
2015-03-17 23:14 - 2015-03-27 11:09 - 00000000 ____D () C:\Users\Stephanie\OneDrive
2015-03-16 11:08 - 2015-03-21 11:09 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Apple Computer
2015-03-16 11:08 - 2015-03-16 11:08 - 00001767 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-16 11:08 - 2015-03-16 11:08 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Apple Computer
2015-03-16 11:08 - 2015-03-16 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-16 11:08 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2015-03-16 11:07 - 2015-03-16 11:08 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-16 11:07 - 2015-03-16 11:08 - 00000000 ____D () C:\Program Files\iTunes
2015-03-16 11:07 - 2015-03-16 11:07 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-16 11:07 - 2015-03-16 11:07 - 00000000 ____D () C:\Program Files\iPod
2015-03-16 11:07 - 2015-03-16 11:07 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-16 11:05 - 2015-03-16 11:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-16 11:05 - 2015-03-16 11:05 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-03-16 11:05 - 2015-03-16 11:05 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Apple
2015-03-16 11:05 - 2015-03-16 11:05 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-16 11:05 - 2015-03-16 11:05 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-16 11:05 - 2015-03-16 11:05 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-16 11:04 - 2015-03-16 11:05 - 00000000 ____D () C:\ProgramData\Apple
2015-03-16 11:00 - 2015-03-16 11:01 - 152428336 _____ (Apple Inc.) C:\Users\Stephanie\Downloads\itunes6464setup.exe
2015-03-16 10:56 - 2015-03-16 10:56 - 00000000 ____D () C:\Users\Stephanie\Documents\Microsoft Offices
2015-03-16 00:52 - 2015-03-16 00:52 - 00000000 _____ () C:\Recovery.txt
2015-03-15 22:51 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-15 22:51 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-15 22:51 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-15 22:51 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-15 22:51 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-15 22:51 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-15 22:51 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-15 22:51 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-15 22:51 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-15 22:51 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-15 22:51 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-15 22:51 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-15 22:51 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-15 22:51 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-15 22:51 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-15 22:51 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-15 22:51 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-15 22:51 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-15 22:51 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-15 22:51 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-15 22:51 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-15 22:51 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-15 22:51 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-15 22:51 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-15 22:51 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-15 22:51 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-15 22:51 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-15 22:51 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-15 22:51 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-15 22:51 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-15 22:51 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-15 22:51 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-15 22:51 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-15 22:51 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-15 22:51 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-15 22:51 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-15 22:51 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-15 22:50 - 2015-02-12 21:38 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-15 22:50 - 2015-02-12 21:15 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-15 22:50 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-15 22:50 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-15 22:50 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-15 22:48 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-15 22:48 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-15 22:48 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-15 22:48 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-15 22:47 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-15 22:47 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-15 22:47 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-15 22:47 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-15 22:47 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-15 22:47 - 2014-11-09 19:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-03-15 22:47 - 2014-11-09 19:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-03-15 22:47 - 2014-11-09 19:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-03-15 22:47 - 2014-11-09 19:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-03-15 22:47 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-03-15 22:47 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-03-15 22:46 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-15 22:46 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-15 21:02 - 2015-03-15 21:02 - 00000000 ____D () C:\ProgramData\Dumps
2015-03-11 21:23 - 2015-03-11 21:23 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevPch_01009.Wdf
2015-03-11 21:14 - 2007-11-05 08:23 - 00240248 ____R (CACE Technologies) C:\WINDOWS\SysWOW64\wpcap.dll
2015-03-11 21:14 - 2007-11-05 08:23 - 00088704 ____R (CACE Technologies) C:\WINDOWS\SysWOW64\packet.dll
2015-03-11 21:14 - 2007-11-05 08:23 - 00040464 ____R (CACE Technologies) C:\WINDOWS\system32\Drivers\npf.sys
2015-03-11 21:14 - 2007-11-05 08:22 - 00068224 ____R (CACE Technologies) C:\WINDOWS\SysWOW64\WanPacket.dll
2015-03-11 21:14 - 2007-11-05 08:19 - 00053299 ____R () C:\WINDOWS\SysWOW64\pthreadVC.dll
2015-03-11 20:16 - 2015-03-11 20:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-03-10 20:04 - 2015-03-10 20:04 - 00000000 ____D () C:\Program Files (x86)\NETGEAR
2015-03-10 20:04 - 2004-09-29 10:28 - 00061440 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\WINDOWS\SysWOW64\W32N50.dll
2015-03-09 21:56 - 2015-03-09 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-09 21:55 - 2015-03-09 21:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-03-09 21:55 - 2015-03-09 21:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2015-03-09 21:54 - 2015-03-09 21:54 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2015-03-09 21:49 - 2015-03-09 21:49 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-09 21:47 - 2015-03-27 12:07 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Microsoft Help
2015-03-09 21:47 - 2015-03-09 21:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-09 21:47 - 2015-03-09 21:47 - 00000000 __RHD () C:\MSOCache
2015-03-09 21:24 - 2015-03-09 21:24 - 00262544 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2015-03-09 21:24 - 2015-03-09 21:24 - 00074000 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuiskin32.dll
2015-03-09 21:20 - 2015-03-09 21:20 - 00575103 _____ () C:\ProgramData\1425950196.bdinstall.bin
2015-03-09 21:20 - 2015-03-09 21:20 - 00000385 _____ () C:\WINDOWS\system32\user_gensett.xml
2015-03-09 21:20 - 2015-03-09 21:20 - 00000385 _____ () C:\Users\Stephanie\AppData\Roaminguser_gensett.xml
2015-03-09 21:19 - 2015-03-09 21:24 - 01306464 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2015-03-09 21:19 - 2015-03-09 21:24 - 00677104 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2015-03-09 21:19 - 2015-03-09 21:24 - 00082824 _____ (BitDefender SRL) C:\WINDOWS\system32\Drivers\bdsandbox.sys
2015-03-09 21:19 - 2015-03-09 21:19 - 00002215 _____ () C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
2015-03-09 21:19 - 2015-03-09 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-03-09 21:19 - 2014-12-02 19:37 - 00074000 _____ (BitDefender SRL) C:\WINDOWS\SysWOW64\bdsandboxuiskin32.dll
2015-03-09 21:19 - 2013-11-19 17:44 - 00098768 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\bdfndisf6.sys
2015-03-09 21:19 - 2013-09-08 23:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2015-03-09 21:19 - 2013-07-30 21:41 - 00079192 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2015-03-09 21:18 - 2015-03-09 21:25 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Bitdefender
2015-03-09 21:16 - 2015-03-17 12:54 - 00160544 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2015-03-09 21:16 - 2015-03-09 21:19 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-03-09 21:16 - 2015-03-09 20:57 - 00000000 ___DC () C:\WINDOWS\Panther
2015-03-09 21:16 - 2014-10-15 20:14 - 00452040 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2015-03-09 21:14 - 2015-03-09 21:14 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-03-09 21:14 - 2015-03-09 21:14 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-03-09 21:14 - 2015-03-09 21:14 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-03-09 21:14 - 2015-03-09 21:14 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-03-09 21:14 - 2015-03-09 21:14 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-03-09 21:14 - 2015-03-09 21:14 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-03-09 21:14 - 2015-03-09 21:14 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-03-09 21:14 - 2015-03-09 21:14 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-03-09 21:14 - 2015-03-09 21:14 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-03-09 21:13 - 2015-03-09 21:13 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-03-09 21:13 - 2015-03-09 21:13 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-03-09 21:13 - 2015-03-09 21:13 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-09 21:13 - 2015-03-09 21:13 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-09 21:13 - 2015-03-09 21:13 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-03-09 21:13 - 2015-03-09 21:13 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-03-09 21:13 - 2015-03-09 21:13 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-03-09 21:13 - 2015-03-09 21:13 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-03-09 21:13 - 2015-03-09 21:13 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-03-09 21:13 - 2015-03-09 21:13 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-03-09 21:13 - 2015-03-09 21:13 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-03-09 21:13 - 2015-03-09 21:13 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-03-09 21:12 - 2015-03-09 21:12 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-09 21:12 - 2015-03-09 21:12 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-03-09 21:12 - 2015-03-09 21:12 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-03-09 21:12 - 2015-03-09 21:12 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-03-09 21:12 - 2015-03-09 21:12 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-03-09 21:12 - 2015-03-09 21:12 - 00513488 _____ () C:\WINDOWS\system32\locale.nls
2015-03-09 21:12 - 2015-03-09 21:12 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-03-09 21:12 - 2015-03-09 21:12 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-03-09 21:12 - 2015-03-09 21:12 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-03-09 21:12 - 2015-03-09 21:12 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-03-09 21:12 - 2015-03-09 21:12 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-03-09 21:12 - 2015-03-09 21:12 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-03-09 21:12 - 2015-03-09 21:12 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-03-09 21:12 - 2015-03-09 21:12 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-03-09 21:11 - 2015-03-09 21:11 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-03-09 21:11 - 2015-03-09 21:11 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-03-09 21:11 - 2015-03-09 21:11 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-09 21:11 - 2015-03-09 21:11 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-03-09 21:11 - 2015-03-09 21:11 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-03-09 21:11 - 2015-03-09 21:11 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-03-09 21:11 - 2015-03-09 21:11 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-09 21:11 - 2015-03-09 21:11 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-03-09 21:11 - 2015-03-09 21:11 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-03-09 21:10 - 2015-03-09 21:10 - 02868848 _____ () C:\Users\Stephanie\Downloads\bitdefender_tsecurity.exe
2015-03-09 21:10 - 2015-03-09 21:10 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-03-09 21:10 - 2015-03-09 21:10 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-03-09 21:10 - 2015-03-09 21:10 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-03-09 21:10 - 2015-03-09 21:10 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-03-09 21:10 - 2015-03-09 21:10 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-03-09 21:10 - 2015-03-09 21:10 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-03-09 21:10 - 2015-03-09 21:10 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-03-09 21:10 - 2015-03-09 21:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-03-09 21:10 - 2015-03-09 21:10 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-03-09 21:10 - 2015-03-09 21:10 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-03-09 21:10 - 2015-03-09 21:10 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-03-09 21:09 - 2015-03-09 21:09 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2015-03-09 21:07 - 2015-03-09 21:07 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-03-09 21:07 - 2015-03-09 21:07 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-09 21:07 - 2015-03-09 21:07 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-03-09 21:07 - 2015-03-09 21:07 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-09 21:07 - 2013-08-03 00:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-03-09 21:07 - 2013-08-03 00:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-03-09 21:07 - 2013-08-03 00:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-03-09 21:07 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-03-09 21:07 - 2013-08-03 00:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-03-09 21:07 - 2013-08-03 00:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-03-09 20:56 - 2015-03-09 20:56 - 00000020 ___SH () C:\Users\Stephanie\ntuser.ini
2015-03-09 20:39 - 2015-03-27 17:10 - 01290437 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-09 20:38 - 2015-03-09 20:38 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2015-03-09 20:29 - 2015-03-09 20:29 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-03-09 20:27 - 2015-03-09 20:27 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2015-03-09 20:26 - 2015-03-26 22:10 - 00000000 ____D () C:\Users\Stephanie
2015-03-09 20:26 - 2015-03-09 20:39 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2015-03-09 20:26 - 2015-03-09 20:39 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2015-03-09 20:26 - 2015-03-09 20:27 - 00000000 ___RD () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-09 20:26 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-09 20:26 - 2014-11-21 11:57 - 00000000 ___RD () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-09 20:26 - 2014-11-21 04:52 - 00000369 _____ () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-09 20:26 - 2014-11-21 04:52 - 00000369 _____ () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-09 20:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-09 20:20 - 2015-03-09 20:20 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevGen_01009.Wdf
2015-03-09 20:20 - 2015-03-09 20:20 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevFan_01009.Wdf
2015-03-09 20:19 - 2015-03-09 20:28 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-03-09 20:19 - 2015-03-09 20:19 - 00081911 _____ () C:\WINDOWS\system32\Drivers\RTWAVES30.dat
2015-03-09 20:19 - 2015-03-09 20:19 - 00001375 _____ () C:\Users\Public\Desktop\Waves MAXXAudio.lnk
2015-03-09 20:19 - 2015-03-09 20:19 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfManager_01009.Wdf
2015-03-09 20:19 - 2015-03-09 20:19 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevProc_01009.Wdf
2015-03-09 20:19 - 2015-03-09 20:19 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_DptfDevDram_01009.Wdf
2015-03-09 20:19 - 2015-03-09 20:19 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2015-03-09 20:19 - 2015-03-09 20:19 - 00000000 ____D () C:\Program Files\Realtek
2015-03-09 20:19 - 2013-10-01 16:02 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-03-09 20:19 - 2013-10-01 16:02 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-03-09 19:46 - 2015-03-09 19:46 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-09 19:46 - 2015-03-09 19:46 - 00000000 ____D () C:\ProgramData\BDLogging
2015-03-09 19:46 - 2007-04-11 14:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2015-03-09 19:43 - 2015-03-09 21:24 - 00084848 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuiskin.dll
2015-03-09 19:43 - 2015-03-09 21:24 - 00033360 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuh.dll
2015-03-09 19:43 - 2015-03-09 21:14 - 00000000 ____D () C:\Program Files\Bitdefender
2015-03-09 19:39 - 2015-03-09 20:39 - 00006608 _____ () C:\WINDOWS\comsetup.log
2015-03-09 19:38 - 2015-03-09 19:38 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\QuickScan
2015-03-09 19:35 - 2015-03-09 21:16 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-03-08 21:43 - 2015-03-03 09:17 - 00295552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-08 21:31 - 2015-03-21 09:38 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-08 21:31 - 2015-03-09 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-08 21:30 - 2015-03-27 20:35 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-08 21:30 - 2015-03-27 18:35 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-08 21:30 - 2015-03-08 21:31 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Google
2015-03-08 21:30 - 2015-03-08 21:30 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-08 21:30 - 2015-03-08 21:30 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-08 21:30 - 2015-03-08 21:30 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-08 21:29 - 2015-03-08 21:29 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Apps\2.0
2015-03-08 21:28 - 2015-03-08 21:28 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-03-08 14:35 - 2015-03-08 14:35 - 00000000 ____D () C:\sources
2015-03-07 23:08 - 2015-03-07 23:08 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Stephanie\Downloads\rkill.exe
2015-03-07 19:07 - 2013-05-04 00:51 - 00014848 ____N (Microsoft) C:\WINDOWS\system32\rars.rs
2015-03-07 19:07 - 2013-05-04 00:10 - 00014848 ____N (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2015-03-07 17:27 - 2015-03-07 17:27 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Macromedia
2015-03-07 15:56 - 2015-03-22 17:28 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-939413243-1864290212-2567976273-1001
2015-03-07 15:51 - 2015-03-07 15:51 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\ASUS WebStorage
2015-03-07 15:50 - 2015-03-27 11:11 - 00000000 ____D () C:\Users\Stephanie\AppData\Roaming\Adobe
2015-03-07 15:50 - 2015-03-07 15:50 - 00000188 _____ () C:\WINDOWS\FixPatch.log
2015-03-07 15:50 - 2015-03-07 15:50 - 00000134 _____ () C:\WINDOWS\SysWOW64\mcmarkclean.log
2015-03-07 15:50 - 2015-03-07 15:50 - 00000000 __RSD () C:\Users\Public\Desktop\ASUS
2015-03-07 15:50 - 2015-03-07 15:50 - 00000000 ____D () C:\ProgramData\FolderView
2015-03-07 15:49 - 2015-03-27 11:09 - 00000074 _____ () C:\Users\Stephanie\AppData\Roaming\sp_data.sys
2015-03-07 15:48 - 2015-03-18 12:17 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\Packages
2015-03-07 15:48 - 2015-03-07 15:49 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\ASUS
2015-03-07 15:48 - 2015-03-07 15:48 - 00000000 ____D () C:\Users\Stephanie\AppData\Local\VirtualStore
2015-03-07 15:46 - 2015-03-09 19:59 - 01836725 _____ () C:\WINDOWS\WindowsUpdate (1).log
2015-03-07 15:45 - 2015-03-07 15:45 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-03-07 04:05 - 2015-03-09 21:16 - 00000000 __SHD () C:\Recovery
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 20:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-27 15:31 - 2014-11-21 04:44 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-27 12:00 - 2013-05-21 02:17 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-03-27 12:00 - 2013-05-21 02:17 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-03-27 11:55 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-26 22:19 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-03-26 22:15 - 2013-08-22 10:46 - 00291787 _____ () C:\WINDOWS\setupact.log
2015-03-26 22:15 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-26 22:12 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-23 15:37 - 2014-11-21 04:34 - 00011142 _____ () C:\WINDOWS\PFRO.log
2015-03-18 15:14 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-15 21:10 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-03-10 20:12 - 2013-05-21 01:57 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-09 21:55 - 2012-11-23 12:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-09 21:54 - 2014-11-21 04:25 - 00000000 ____D () C:\WINDOWS\ShellNew
2015-03-09 21:53 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-09 21:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2015-03-09 21:37 - 2012-11-23 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-03-09 21:37 - 2012-11-23 12:33 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-03-09 21:31 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-09 21:26 - 2013-08-22 10:44 - 00483192 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-09 21:15 - 2013-08-22 11:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-03-09 21:13 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-09 20:41 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-09 20:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-09 20:35 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2015-03-09 20:35 - 2013-08-22 11:36 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-09 20:30 - 2013-08-22 11:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-03-09 20:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-09 20:30 - 2013-05-21 02:04 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-03-09 20:30 - 2013-05-21 01:58 - 00000000 ____D () C:\WINDOWS\SysWOW64\Atheros_L1e
2015-03-09 20:30 - 2012-11-23 12:34 - 00000000 ____D () C:\WINDOWS\fr
2015-03-09 20:30 - 2012-11-23 12:34 - 00000000 ____D () C:\WINDOWS\es
2015-03-09 20:30 - 2012-11-23 12:34 - 00000000 ____D () C:\WINDOWS\en
2015-03-09 20:30 - 2012-07-26 01:37 - 00000000 ____D () C:\Users\Default.migrated
2015-03-09 20:29 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2015-03-09 20:29 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2015-03-09 20:29 - 2014-11-21 04:00 - 00000000 ____D () C:\WINDOWS\system32\WCN
2015-03-09 20:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2015-03-09 20:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-03-09 20:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2015-03-09 20:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-03-09 20:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-03-09 20:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2015-03-09 20:29 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2015-03-09 20:29 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2015-03-09 20:29 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-03-09 20:28 - 2013-08-22 11:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2015-03-09 20:28 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2015-03-09 20:28 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2015-03-09 20:28 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-03-09 20:28 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\IME
2015-03-09 20:28 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Help
2015-03-09 20:28 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-09 20:28 - 2012-08-01 21:24 - 00000000 ____D () C:\ProgramData\PRICache
2015-03-09 20:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2015-03-09 20:18 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Default
2015-03-09 19:22 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-03-08 14:49 - 2012-11-23 12:34 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-08 14:49 - 2012-11-23 12:34 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2015-03-07 15:50 - 2012-11-23 12:32 - 06194458 _____ () C:\WINDOWS\AsDebug.log
2015-03-07 15:50 - 2012-11-23 12:32 - 01018812 _____ () C:\WINDOWS\AsCDProc.log
2015-03-07 15:50 - 2012-08-01 21:36 - 00000000 ____D () C:\WINDOWS\Log
2015-03-04 17:24 - 2014-11-21 12:03 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-03-04 17:24 - 2014-11-21 12:03 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-03-07 15:49 - 2015-03-27 11:09 - 0000074 _____ () C:\Users\Stephanie\AppData\Roaming\sp_data.sys
2015-03-09 21:20 - 2015-03-09 21:20 - 0575103 _____ () C:\ProgramData\1425950196.bdinstall.bin
2015-03-20 19:59 - 2015-03-20 19:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-11-23 12:32 - 2012-09-07 07:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-23 12:32 - 2009-07-22 06:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-23 12:32 - 2012-09-07 07:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
Some content of TEMP:
====================
C:\Users\Stephanie\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 19:56
 
==================== End Of Log ============================


#4 nasdaq

  • Malware Response Team

Posted 30 March 2015 - 08:03 AM

Just now, a popup titled "HP Update" has appeared, saying :"An update is available. Would you like to download and install this update now?"

It's probably for your printer driver.

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
ShortcutTarget: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\Program Files\HP\HP ENVY 4500 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406"
CHR Extension: (Evernote Web) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-03-09]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
C:\Users\Stephanie\AppData\Local\Temp\ose00000.exe
C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?

#5 nasdaq

  • Malware Response Team

Posted 04 April 2015 - 07:13 AM

Are you still with me?

#6 SHnh

  • Topic Starter

  • Members

Posted 04 April 2015 - 04:31 PM

Sorry about that! Internet was down for a few days. Everything seems to be running well (: 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Stephanie at 2015-04-04 17:15:00 Run:1
Running from C:\Users\Stephanie\Downloads
Loaded Profiles: Stephanie (Available profiles: Stephanie)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.searchnu.com/406"
CHR Extension: (Evernote Web) - C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-03-09]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
C:\Users\Stephanie\AppData\Local\Temp\ose00000.exe
C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol
 
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol directory not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fabcmochhfpldjekobfaaggijgohadih" => Key deleted successfully.
C:\Users\Stephanie\AppData\Local\Temp\ose00000.exe => Moved successfully.
"C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog 17:15:04 ====


#7 nasdaq


Posted 05 April 2015 - 07:02 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 SHnh


Posted 05 April 2015 - 11:47 AM

Thanks for all your help!



#9 nasdaq


Posted 11 April 2015 - 08:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



