Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 03 Ran by SYSTEM on MININT-C0QA4JI on 11-02-2014 12:22:43 Running from G:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet001 [b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b] The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] () HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-28] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc) HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation) HKLM-x32\...\Run: [Memeo Instant Backup] - C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-04-22] (Memeo Inc.) HKLM-x32\...\Run: [Memeo AutoSync] - C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2010-04-16] (Memeo Inc.) HKLM-x32\...\Run: [Memeo Send] - C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe [236816 2010-07-20] () HKLM-x32\...\Run: [Seagate Dashboard] - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] () HKLM-x32\...\Run: [MoneyStartUp10.0] - C:\Program Files (x86)\Microsoft Money\System\Activation.exe [241714 2001-07-25] (Microsoft Corporation) HKLM-x32\...\Run: [Renovate] - C:\Windows\SysWOW64\Renovate.exe [165376 1999-07-29] (GST Technology Ltd.) HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.) HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe [548864 2008-10-01] (BL) HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [WMBoot] - C:\Program Files (x86)\Logitech\WingMan Profiler\ChekList.exe -L:F:\WS\ENU\Setup.exe -CD -CL4 -LP:" reboot" HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [Boingo Wi-Finder] - C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk [2429 2014-01-06] () HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater) HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\Diane\...\Run: [MoneyAgent] - C:\Program Files (x86)\Microsoft Money\System\Money Express.exe [184376 2001-07-25] (Microsoft Corporation) HKU\Diane\...\Run: [attcm.exe] - C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm.exe HKU\Diane\...\Run: [Steam] - C:\steam\Steam.exe [1815976 2014-01-27] (Valve Corporation) HKU\Diane\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\Diane\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater) HKU\Diane\...\Run: [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Diane\AppData\Roaming\ValueApps\CH\TBVerifier.dll",RunConduitFloatingPlugin lcnnhcneegeeojhgpfijnlnocjdmlaon HKU\Diane\...\Policies\system: [LogonHoursAction] 2 HKU\Diane\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Guest\...\Run: [attcm.exe] - C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm.exe HKU\Guest\...\Run: [MoneyAgent] - C:\Program Files (x86)\Microsoft Money\System\Money Express.exe [184376 2001-07-25] (Microsoft Corporation) HKU\Robbie\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation) HKU\Robbie\...\Run: [attcm.exe] - C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm.exe HKU\Robbie\...\Policies\system: [LogonHoursAction] 2 HKU\Robbie\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [1350944 2014-02-03] (Conduit) AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [1046816 2014-02-03] (Conduit) Startup: C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com) Startup: C:\Users\Diane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe () ==================== Services (Whitelisted) ================= S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-23] (AVG Technologies CZ, s.r.o.) S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-01-27] (Just Develop It) S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2317600 2014-02-03] (Conduit) S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S2 IDVaultSvc; C:\Program Files (x86)\AOL OnePoint\IDVaultSvc.exe [39704 2013-09-16] (White Sky, Inc.) S2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [45568 2014-01-14] (Parallel Lines Development, LLC) S2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [491688 2013-12-30] (Elex do Brasil Participações Ltda) S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.) S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-12-05] (McAfee, Inc.) S2 mfevtp; C:\Windows\system32\mfevtps.exe [184800 2013-12-05] (McAfee, Inc.) S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc) S2 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1859584 2012-07-04] (Ralink) S2 UpdateServiceTool; C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe [6656 2013-12-02] (VIS without Co) S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-08-14] (Western Digital Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.) S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.) S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.) S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.) S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-09-30] (AVG Technologies CZ, s.r.o.) S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-09] (AVG Technologies CZ, s.r.o.) S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-12-05] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) S3 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [219648 2013-12-30] (Elex do Brasil Participações Ltda) S1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [44032 2013-12-30] (Elex do Brasil Participações Ltda) S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-12-05] (McAfee, Inc.) S2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-12-05] (McAfee, Inc.) S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-12-05] (McAfee, Inc.) S2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782616 2013-12-05] (McAfee, Inc.) S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.) S2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-12-05] (McAfee, Inc.) S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2009-07-13] (Microsoft Corporation) S3 lgwnusbbus; system32\DRIVERS\lgwnusb64bus.sys [X] S3 lgwnusbmodem; system32\DRIVERS\lgwnusb64modem.sys [X] S3 lgwnusbndis; system32\DRIVERS\lgwnusb64ndis62.sys [X] S3 lgwnusbser01; system32\DRIVERS\lgwnusb64ser01.sys [X] S3 lgwnusbser02; system32\DRIVERS\lgwnusb64ser02.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-11 12:22 - 2014-02-11 12:22 - 00000000 ____D () C:\FRST 2014-02-03 10:44 - 2014-02-03 10:44 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect 2014-02-02 19:17 - 2014-02-02 19:17 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\eCyber 2014-02-02 14:30 - 2014-02-02 14:30 - 00263480 _____ (setup process) C:\Users\Diane\Downloads\Setup.exe 2014-02-02 14:29 - 2014-02-02 14:29 - 00673304 _____ (Conduit) C:\Users\Diane\Downloads\InstallConverter_TSV12ZOYG.exe 2014-02-02 14:14 - 2014-02-02 14:14 - 00001746 _____ () C:\Users\Public\Desktop\YAC.lnk 2014-02-02 14:14 - 2014-02-02 14:14 - 00000000 ____D () C:\Windows\System32\log 2014-02-02 14:13 - 2014-02-03 19:18 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\iSafe 2014-02-02 14:13 - 2014-02-03 18:31 - 00000000 ____D () C:\Program Files (x86)\iSafe 2014-02-02 14:12 - 2014-02-02 14:12 - 00000000 ____D () C:\Users\Diane\AppData\Local\Conduit 2014-02-02 14:12 - 2014-02-02 14:12 - 00000000 ____D () C:\Program Files\Conduit 2014-02-02 14:11 - 2014-02-02 14:11 - 00000000 ____D () C:\Users\Diane\AppData\Local\TidyNetwork 2014-02-02 14:11 - 2014-02-02 14:11 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork 2014-02-02 14:10 - 2014-02-02 14:10 - 00001935 _____ () C:\Users\Diane\Desktop\Sync Folder.lnk 2014-02-02 14:09 - 2014-02-03 18:29 - 00000356 _____ () C:\Windows\Tasks\AmiUpdXp.job 2014-02-02 14:09 - 2014-02-02 14:10 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup 2014-02-02 14:09 - 2014-02-02 14:09 - 00003376 _____ () C:\Windows\System32\Tasks\AmiUpdXp 2014-02-02 14:09 - 2014-02-02 14:09 - 00001053 _____ () C:\Users\Diane\Desktop\MyPC Backup.lnk 2014-02-02 14:09 - 2014-02-02 14:09 - 00000000 ____D () C:\ProgramData\InternetUpdater 2014-02-02 14:08 - 2014-02-03 18:29 - 00000384 _____ () C:\Windows\Tasks\Re-markit Update.job 2014-02-02 14:08 - 2014-02-02 14:08 - 00003032 _____ () C:\Windows\System32\Tasks\Re-markit Update 2014-02-02 14:08 - 2014-02-02 14:08 - 00000000 ____D () C:\Program Files (x86)\Re-markit 2014-02-02 14:03 - 2014-02-02 14:04 - 00000000 ____D () C:\Users\Diane\AppData\Local\SearchProtect 2014-02-02 14:03 - 2014-02-02 14:03 - 00002058 _____ () C:\Users\Public\Desktop\WiseConvert.lnk 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\Mozilla 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\ProgramData\Websteroids 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\ProgramData\Updater 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\ProgramData\RHelpers 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\Program Files (x86)\YTD Downloader 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\Program Files (x86)\WiseConvert 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\Program Files (x86)\Bin 2014-01-31 13:44 - 2014-01-31 13:44 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2014-01-31 13:44 - 2014-01-31 13:44 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf 2014-01-31 13:13 - 2014-01-31 13:13 - 00000925 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk 2014-01-31 13:13 - 2014-01-31 13:13 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\MotioninJoy 2014-01-31 13:13 - 2014-01-31 13:13 - 00000000 ____D () C:\Program Files\MotioninJoy 2014-01-31 13:13 - 2012-05-12 10:31 - 00121416 _____ (MotioninJoy) C:\Windows\System32\Drivers\MijXfilt.sys 2014-01-31 13:13 - 2011-12-07 17:42 - 00328712 _____ (Logitech Inc.) C:\Windows\System32\MijFrc.dll 2014-01-31 13:13 - 2011-12-07 17:42 - 00074960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\xusb21.sys 2014-01-31 13:11 - 2014-01-31 13:11 - 04117346 _____ () C:\Users\Diane\Downloads\MotioninJoy_071001_signed.zip 2014-01-31 13:11 - 2014-01-31 13:11 - 04117346 _____ () C:\Users\Diane\Downloads\MotioninJoy_071001_signed (1).zip 2014-01-27 22:57 - 2014-02-01 18:16 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForDiane.job 2014-01-27 22:57 - 2014-02-01 17:51 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDiane 2014-01-22 13:10 - 2013-09-23 11:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\System32\Drivers\HipShieldK.sys 2014-01-21 12:14 - 2014-01-21 12:14 - 00002183 _____ () C:\Users\Diane\Desktop\HP Support Assistant.lnk 2014-01-21 12:05 - 2014-01-21 12:05 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-01-19 10:20 - 2013-08-24 04:18 - 2069770532 _____ () C:\Users\Diane\Desktop\MVI_8270.MOV 2014-01-16 19:39 - 2014-01-16 19:39 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_netaapl64_01009.Wdf 2014-01-13 20:01 - 2014-01-13 20:01 - 00001935 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk ==================== One Month Modified Files and Folders ======= 2014-02-11 12:22 - 2014-02-11 12:22 - 00000000 ____D () C:\FRST 2014-02-03 19:43 - 2012-12-11 21:14 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job 2014-02-03 19:27 - 2013-07-31 17:29 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-03 19:20 - 2012-12-09 18:45 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-02-03 19:19 - 2013-04-05 19:49 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-02-03 19:18 - 2014-02-02 14:13 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\iSafe 2014-02-03 18:53 - 2012-12-12 00:18 - 00000000 ____D () C:\Users\Diane\AppData\Local\Windows Live 2014-02-03 18:51 - 2012-07-28 20:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-03 18:43 - 2013-10-16 13:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cecab88449e7e4.job 2014-02-03 18:33 - 2014-01-07 19:44 - 00000000 ____D () C:\ProgramData\MFAData 2014-02-03 18:31 - 2014-02-02 14:13 - 00000000 ____D () C:\Program Files (x86)\iSafe 2014-02-03 18:29 - 2014-02-02 14:09 - 00000356 _____ () C:\Windows\Tasks\AmiUpdXp.job 2014-02-03 18:29 - 2014-02-02 14:08 - 00000384 _____ () C:\Windows\Tasks\Re-markit Update.job 2014-02-03 10:44 - 2014-02-03 10:44 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect 2014-02-03 10:44 - 2013-09-15 07:31 - 00000000 ____D () C:\Program Files (x86)\SearchProtect 2014-02-03 10:44 - 2011-04-12 00:21 - 01972807 _____ () C:\Windows\WindowsUpdate.log 2014-02-02 20:15 - 2012-07-25 21:22 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EDF1A06D-7AC7-4C8F-9B97-E488A025B3D2} 2014-02-02 19:17 - 2014-02-02 19:17 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\eCyber 2014-02-02 19:17 - 2013-12-27 16:18 - 00000000 ____D () C:\steam 2014-02-02 19:16 - 2011-07-29 18:10 - 00000271 _____ () C:\Windows\lgfwup.ini 2014-02-02 19:16 - 2011-07-29 18:07 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate 2014-02-02 19:16 - 2011-05-16 01:14 - 00000000 ____D () C:\Users\Diane\AppData\Local\CrashDumps 2014-02-02 16:22 - 2009-07-13 20:45 - 00015568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-02 16:22 - 2009-07-13 20:45 - 00015568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-02 16:11 - 2009-07-13 20:45 - 00410352 _____ () C:\Windows\System32\FNTCACHE.DAT 2014-02-02 16:10 - 2011-04-12 02:27 - 00278280 _____ () C:\Windows\PFRO.log 2014-02-02 16:10 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-02 16:10 - 2009-07-13 20:51 - 00074730 _____ () C:\Windows\setupact.log 2014-02-02 14:30 - 2014-02-02 14:30 - 00263480 _____ (setup process) C:\Users\Diane\Downloads\Setup.exe 2014-02-02 14:30 - 2013-12-26 10:31 - 00000382 _____ () C:\Windows\Tasks\REGSERVO.job 2014-02-02 14:29 - 2014-02-02 14:29 - 00673304 _____ (Conduit) C:\Users\Diane\Downloads\InstallConverter_TSV12ZOYG.exe 2014-02-02 14:19 - 2011-05-15 19:36 - 00114344 _____ () C:\Users\Diane\AppData\Local\GDIPFONTCACHEV1.DAT 2014-02-02 14:14 - 2014-02-02 14:14 - 00001746 _____ () C:\Users\Public\Desktop\YAC.lnk 2014-02-02 14:14 - 2014-02-02 14:14 - 00000000 ____D () C:\Windows\System32\log 2014-02-02 14:12 - 2014-02-02 14:12 - 00000000 ____D () C:\Users\Diane\AppData\Local\Conduit 2014-02-02 14:12 - 2014-02-02 14:12 - 00000000 ____D () C:\Program Files\Conduit 2014-02-02 14:12 - 2013-09-15 07:31 - 00000000 _____ () C:\END 2014-02-02 14:12 - 2013-09-15 07:30 - 00000000 ____D () C:\Program Files (x86)\Conduit 2014-02-02 14:11 - 2014-02-02 14:11 - 00000000 ____D () C:\Users\Diane\AppData\Local\TidyNetwork 2014-02-02 14:11 - 2014-02-02 14:11 - 00000000 ____D () C:\Program Files (x86)\TidyNetwork 2014-02-02 14:10 - 2014-02-02 14:10 - 00001935 _____ () C:\Users\Diane\Desktop\Sync Folder.lnk 2014-02-02 14:10 - 2014-02-02 14:09 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup 2014-02-02 14:09 - 2014-02-02 14:09 - 00003376 _____ () C:\Windows\System32\Tasks\AmiUpdXp 2014-02-02 14:09 - 2014-02-02 14:09 - 00001053 _____ () C:\Users\Diane\Desktop\MyPC Backup.lnk 2014-02-02 14:09 - 2014-02-02 14:09 - 00000000 ____D () C:\ProgramData\InternetUpdater 2014-02-02 14:09 - 2013-09-15 07:31 - 00000000 ____D () C:\Users\Diane\AppData\Local\SwvUpdater 2014-02-02 14:08 - 2014-02-02 14:08 - 00003032 _____ () C:\Windows\System32\Tasks\Re-markit Update 2014-02-02 14:08 - 2014-02-02 14:08 - 00000000 ____D () C:\Program Files (x86)\Re-markit 2014-02-02 14:04 - 2014-02-02 14:03 - 00000000 ____D () C:\Users\Diane\AppData\Local\SearchProtect 2014-02-02 14:03 - 2014-02-02 14:03 - 00002058 _____ () C:\Users\Public\Desktop\WiseConvert.lnk 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\Mozilla 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\ProgramData\Websteroids 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\ProgramData\Updater 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\ProgramData\RHelpers 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\Program Files (x86)\YTD Downloader 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\Program Files (x86)\WiseConvert 2014-02-02 14:03 - 2014-02-02 14:03 - 00000000 ____D () C:\Program Files (x86)\Bin 2014-02-02 13:57 - 2009-07-13 21:13 - 00779016 _____ () C:\Windows\System32\PerfStringBackup.INI 2014-02-01 18:16 - 2014-01-27 22:57 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForDiane.job 2014-02-01 17:51 - 2014-01-27 22:57 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDiane 2014-02-01 17:15 - 2013-02-09 01:01 - 00000000 ____D () C:\Windows\Minidump 2014-02-01 17:14 - 2011-04-12 02:27 - 00287201 ____N () C:\Windows\Minidump\020114-75270-01.dmp 2014-01-31 15:09 - 2011-04-12 00:42 - 00000000 ____D () C:\ProgramData\PDFC 2014-01-31 13:53 - 2014-01-03 22:13 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\Awesomium 2014-01-31 13:44 - 2014-01-31 13:44 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2014-01-31 13:44 - 2014-01-31 13:44 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf 2014-01-31 13:13 - 2014-01-31 13:13 - 00000925 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk 2014-01-31 13:13 - 2014-01-31 13:13 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\MotioninJoy 2014-01-31 13:13 - 2014-01-31 13:13 - 00000000 ____D () C:\Program Files\MotioninJoy 2014-01-31 13:11 - 2014-01-31 13:11 - 04117346 _____ () C:\Users\Diane\Downloads\MotioninJoy_071001_signed.zip 2014-01-31 13:11 - 2014-01-31 13:11 - 04117346 _____ () C:\Users\Diane\Downloads\MotioninJoy_071001_signed (1).zip 2014-01-30 17:09 - 2012-12-09 19:22 - 00000000 ____D () C:\Program Files (x86)\McAfee 2014-01-30 16:03 - 2011-05-20 16:15 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\SoftGrid Client 2014-01-29 10:48 - 2013-07-31 17:31 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-23 18:52 - 2012-12-29 21:07 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\MediaMonkey 2014-01-22 13:05 - 2012-12-09 19:23 - 00000000 ____D () C:\Program Files\Common Files\McAfee 2014-01-21 12:14 - 2014-01-21 12:14 - 00002183 _____ () C:\Users\Diane\Desktop\HP Support Assistant.lnk 2014-01-21 12:14 - 2011-04-12 00:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-01-21 12:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Help 2014-01-21 12:08 - 2011-04-12 00:20 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-01-21 12:05 - 2014-01-21 12:05 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-01-21 12:01 - 2011-04-12 00:21 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-01-21 12:00 - 2011-04-12 00:30 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard 2014-01-21 12:00 - 2010-06-14 18:07 - 00000000 ____D () C:\swsetup 2014-01-20 19:58 - 2012-07-28 20:34 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\HP Support Assistant 2014-01-20 19:58 - 2011-05-17 16:34 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\HpUpdate 2014-01-19 10:21 - 2013-12-23 20:27 - 00031744 ___SH () C:\Users\Diane\Desktop\Thumbs.db 2014-01-16 19:39 - 2014-01-16 19:39 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_netaapl64_01009.Wdf 2014-01-16 10:14 - 2013-12-07 17:19 - 00000000 ____D () C:\Program Files (x86)\AOL OnePoint 2014-01-15 19:39 - 2013-12-07 17:19 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\ID Vault 2014-01-13 20:02 - 2014-01-11 18:16 - 00000000 ____D () C:\Users\Diane\Documents\SelfMV 2014-01-13 20:01 - 2014-01-13 20:01 - 00001935 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk 2014-01-13 20:01 - 2014-01-06 19:10 - 00000000 ____D () C:\Users\Diane\AppData\Roaming\Samsung 2014-01-13 20:01 - 2014-01-06 18:57 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-01-13 20:00 - 2013-04-03 17:53 - 00000000 ____D () C:\Users\Diane\AppData\Local\Downloaded Installations Some content of TEMP: ==================== C:\Users\Diane\AppData\Local\Temp\44niaixd.dll C:\Users\Diane\AppData\Local\Temp\BackupSetup.exe C:\Users\Diane\AppData\Local\Temp\COMAP.EXE C:\Users\Diane\AppData\Local\Temp\dlLogic.exe C:\Users\Diane\AppData\Local\Temp\EnableExtDll.dll C:\Users\Diane\AppData\Local\Temp\Extract.exe C:\Users\Diane\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe C:\Users\Diane\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Diane\AppData\Local\Temp\nse6B0.exe C:\Users\Diane\AppData\Local\Temp\nsjBA54.exe C:\Users\Diane\AppData\Local\Temp\nsuC8B.exe C:\Users\Diane\AppData\Local\Temp\nszB66D.exe C:\Users\Diane\AppData\Local\Temp\Resource.exe C:\Users\Diane\AppData\Local\Temp\setup__4615.exe C:\Users\Diane\AppData\Local\Temp\setup__4793.exe C:\Users\Diane\AppData\Local\Temp\setup__5004.exe C:\Users\Diane\AppData\Local\Temp\setup__5708.exe C:\Users\Diane\AppData\Local\Temp\setup__5709.exe C:\Users\Diane\AppData\Local\Temp\SP58252.exe C:\Users\Diane\AppData\Local\Temp\sp58915.exe C:\Users\Diane\AppData\Local\Temp\sp64126.exe C:\Users\Diane\AppData\Local\Temp\SPSetup.exe C:\Users\Diane\AppData\Local\Temp\SPStub.exe C:\Users\Diane\AppData\Local\Temp\TidyNetwork.exe C:\Users\Diane\AppData\Local\Temp\tmpE18E.exe C:\Users\Diane\AppData\Local\Temp\UninstallHPSA.exe C:\Users\Diane\AppData\Local\Temp\UninstallHPTCA.exe C:\Users\Diane\AppData\Local\Temp\_is6AC3.exe C:\Users\Diane\AppData\Local\Temp\_isCD0E.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2014-01-26 22:32:07 Restore point made on: 2014-01-31 13:43:20 ==================== Memory info =========================== Percentage of memory in use: 8% Total physical RAM: 12031.29 MB Available physical RAM: 11041.65 MB Total Pagefile: 12029.48 MB Available Pagefile: 11028.23 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:918.51 GB) (Free:537.3 GB) NTFS Drive e: (HP_RECOVERY) (Fixed) (Total:12.9 GB) (Free:1.55 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF Drive g: (ReatogoPE) (Removable) (Total:1.87 GB) (Free:1.55 GB) NTFS Drive h: (EOS_DIGITAL) (Removable) (Total:7.39 GB) (Free:6.62 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 3B9CA57A) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 187A95F8) No partition Table on disk 1. ======================================================== Disk: 2 (Size: 7 GB) (Disk ID: 32223221) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) LastRegBack: 2014-01-28 22:47 ==================== End Of Log ============================