Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by Eric (administrator) on ERIC on 15-10-2014 22:29:33
Running from C:\Users\Eric\Desktop
Loaded Profiles: UpdatusUser & Eric (Available profiles: UpdatusUser & Eric & Administrateur)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(BitTorrent Inc.) C:\Users\Eric\AppData\Roaming\uTorrent\uTorrent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(http://simple-files.com/) C:\Program Files (x86)\SimpleFilesUpdater\SimpleFilesUpdater.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5581888 2014-02-24] (ESET)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1301857053-3738279141-525233399-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1301857053-3738279141-525233399-1002\...\Run: [uTorrent] => C:\Users\Eric\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-10-01] (BitTorrent Inc.)
HKU\S-1-5-21-1301857053-3738279141-525233399-1002\...\Run: [WindApp] => "C:\Users\Eric\AppData\Roaming\Store\WindApp\WindApp Update.exe" /winstartup
HKU\S-1-5-21-1301857053-3738279141-525233399-1002\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe [854192 2014-09-09] (Adobe Systems Incorporated)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-05-14] (NVIDIA Corporation)
AppInit_DLLs: C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL => C:\PROGRA~2\SUPPOR~1\SUPPOR~2.DLL File Not Found
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-05-14] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\progra~2\suppor~1\suppor~1.dll => "c:\progra~2\suppor~1\suppor~1.dll" File Not Found
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW&q={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW&q={searchTerms}
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254

FireFox:
========
FF ProfilePath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\iaaljk46.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1413312787&from=exp&uid=ST1000DM003-1CH162_S1DGT9MWXXXXS1DGT9MW
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.Software.com/Software Update;version=3 -> C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll No File
FF Plugin-x32: @tools.Software.com/Software Update;version=9 -> C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: Fast Start - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\iaaljk46.default\Extensions\faststartff@gmail.com [2014-10-14]
FF Extension: PriceLess - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\iaaljk46.default\Extensions\sr0B@8.edu [2014-10-14]
FF Extension: Adanak - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\iaaljk46.default\Extensions\{2f0ff925-183b-4210-98f5-cb2ffd917f2b}.xpi [2014-10-14]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\iaaljk46.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-09-08]

Chrome:
=======
CHR Profile: C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (PriceLess) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\omneikenbjoemigleneccmkkogfdilhc [2014-10-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0278971410197454mcinstcleanup; C:\Users\Eric\AppData\Local\Temp\027897~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1343408 2014-02-24] (ESET)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-08-07] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-08-07] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-08-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-08-07] (Microsoft Corporation)
S2 70e6ca8c; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll",ENT
S2 be0fb33b; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\suppor~1\SupporterSvc.dll",service
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe -service [X]
S2 Software_update; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe /svc [X]
S3 Software_update_m; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe /medsvc [X]
S2 Update Adanak; "C:\Program Files (x86)\Adanak\updateAdanak.exe" [X]
S2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-16] (ASUS Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [220232 2013-09-17] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44120 2013-09-17] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [62136 2013-09-17] (ESET)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-08-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 22:29 - 2014-10-15 22:29 - 00018317 _____ () C:\Users\Eric\Desktop\FRST.txt
2014-10-15 22:29 - 2014-10-15 22:29 - 00000000 ____D () C:\FRST
2014-10-15 22:18 - 2014-10-15 22:19 - 02111488 _____ (Farbar) C:\Users\Eric\Desktop\FRST64.exe
2014-10-15 18:35 - 2014-09-13 08:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-15 18:35 - 2014-09-13 07:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-15 18:35 - 2014-09-04 02:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 18:35 - 2014-09-04 02:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-14 21:43 - 2014-10-14 21:43 - 00001607 _____ () C:\WINDOWS\SysWOW64\${LOGFILE}
2014-10-14 21:40 - 2014-10-14 22:30 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\VOPackage
2014-10-14 20:55 - 2014-10-14 21:45 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Store
2014-10-14 20:54 - 2014-10-14 21:46 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Systweak
2014-10-14 20:54 - 2014-10-14 21:43 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\Nosibay
2014-10-14 20:54 - 2014-10-14 20:55 - 00001247 _____ () C:\Users\Eric\AppData\Roaming\Bubble Dock.boostrap.log
2014-10-14 20:54 - 2014-10-14 20:55 - 00000374 _____ () C:\Users\Eric\AppData\Roaming\WindApp.installation.log
2014-10-14 20:54 - 2014-10-14 20:54 - 00009029 _____ () C:\Users\Eric\AppData\Roaming\Bubble Dock.installation.log
2014-10-14 20:54 - 2014-10-14 20:54 - 00000097 _____ () C:\Users\Eric\AppData\Roaming\WindApp.boostrap.log
2014-10-14 20:54 - 2014-10-06 16:36 - 00020296 _____ () C:\WINDOWS\system32\roboot64.exe
2014-10-14 20:53 - 2014-10-15 21:58 - 00000924 _____ () C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineUA.job
2014-10-14 20:53 - 2014-10-15 20:58 - 00000920 _____ () C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineCore.job
2014-10-14 20:53 - 2014-10-14 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\SimpleFiles
2014-10-14 20:53 - 2014-10-14 22:30 - 00000000 ____D () C:\Program Files (x86)\SimpleFilesUpdater
2014-10-14 20:53 - 2014-10-14 22:30 - 00000000 ____D () C:\Program Files (x86)\SimpleFiles
2014-10-14 20:53 - 2014-10-14 21:37 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\337Games
2014-10-14 20:53 - 2014-10-14 21:36 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-10-14 20:53 - 2014-10-14 21:36 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-10-14 20:53 - 2014-10-14 20:53 - 00003896 _____ () C:\WINDOWS\System32\Tasks\SoftwareUpdateTaskMachineUA
2014-10-14 20:53 - 2014-10-14 20:53 - 00003660 _____ () C:\WINDOWS\System32\Tasks\SoftwareUpdateTaskMachineCore
2014-10-14 20:53 - 2014-10-14 20:53 - 00003100 _____ () C:\WINDOWS\System32\Tasks\Update Service SimpleFiles
2014-10-14 20:53 - 2014-10-14 20:53 - 00001949 _____ () C:\Users\Public\Desktop\SimpleFiles.lnk
2014-10-14 20:53 - 2014-10-14 20:53 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\SupTab
2014-10-14 20:53 - 2014-10-14 20:53 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\SimpleFiles
2014-10-14 20:53 - 2014-10-14 20:53 - 00000000 ____D () C:\Users\Eric\AppData\Local\Software
2014-10-14 20:52 - 2014-10-14 22:30 - 00000000 ____D () C:\Users\Eric\AppData\Local\Genesis_10141852
2014-10-14 20:52 - 2014-10-14 21:36 - 00000000 ____D () C:\ProgramData\PriceLess
2014-10-14 20:52 - 2014-10-14 20:52 - 00000290 __RSH () C:\ProgramData\ntuser.pol
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\Invité\AppData\Local\Torch
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\Invité\AppData\Local\Google
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\Invité\AppData\Local\Comodo
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\Invité\AppData\Local\Chromatic Browser
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\Invité
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\Eric\AppData\Local\Torch
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\Eric\AppData\Local\Google
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\Eric\AppData\Local\Comodo
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\Eric\AppData\Local\Chromatic Browser
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-14 20:52 - 2014-10-14 20:52 - 00000000 ____D () C:\ProgramData\b6ac24626d4d2da4
2014-10-02 19:27 - 2014-10-02 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-09-25 13:07 - 2014-09-25 13:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-25 11:05 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2014-09-18 16:28 - 2014-10-02 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird.bak

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-15 22:27 - 2014-09-10 19:58 - 00000000 ____D () C:\Users\Eric\AppData\Roaming\uTorrent
2014-10-15 22:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-10-15 21:53 - 2014-08-10 22:39 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-15 21:32 - 2014-08-07 22:24 - 01467343 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-15 19:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-10-15 19:40 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-10-15 18:38 - 2014-08-07 23:07 - 00003916 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2B588773-A13C-4133-B40A-2F9C5C0C864A}
2014-10-15 18:31 - 2014-08-07 22:57 - 00000000 ___DO () C:\Users\Eric\OneDrive
2014-10-15 18:31 - 2014-08-07 00:42 - 00000073 _____ () C:\Users\Eric\AppData\Roaming\sp_data.sys
2014-10-15 13:26 - 2014-03-18 12:02 - 01824010 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-15 13:26 - 2014-03-18 11:26 - 00812350 _____ () C:\WINDOWS\system32\perfh00C.dat
2014-10-15 13:26 - 2014-03-18 11:26 - 00159412 _____ () C:\WINDOWS\system32\perfc00C.dat
2014-10-15 12:41 - 2014-08-07 00:47 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1301857053-3738279141-525233399-1002
2014-10-15 12:16 - 2014-04-25 14:27 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2014-10-15 12:16 - 2014-04-25 14:27 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2014-10-14 22:32 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-14 22:32 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-10-14 22:30 - 2014-08-07 00:37 - 00000000 ____D () C:\Users\Eric\AppData\Local\ASUS
2014-10-14 22:30 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-10-14 22:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-10-14 22:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2014-10-14 21:48 - 2014-08-07 22:55 - 00001460 _____ () C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-14 21:48 - 2014-08-07 00:54 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-14 21:48 - 2014-08-07 00:54 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-14 21:32 - 2014-03-18 03:51 - 00030792 _____ () C:\WINDOWS\PFRO.log
2014-10-13 18:53 - 2013-08-22 16:46 - 00369521 _____ () C:\WINDOWS\setupact.log
2014-10-02 21:19 - 2014-08-07 00:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-01 21:14 - 2014-08-06 20:05 - 00000000 ____D () C:\Users\Eric\AppData\Local\Packages
2014-09-30 00:45 - 2013-08-22 17:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-30 00:45 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-28 15:25 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-26 22:00 - 2013-04-26 01:15 - 06321192 _____ () C:\WINDOWS\AsDebug.log
2014-09-26 22:00 - 2013-04-26 01:15 - 01504926 _____ () C:\WINDOWS\AsCDProc.log
2014-09-25 10:51 - 2014-08-07 14:28 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 18:18 - 2013-08-22 16:44 - 00388424 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Eric\AppData\Local\Temp\0278971410197454mcinst.exe
C:\Users\Eric\AppData\Local\Temp\18be6784_.exe
C:\Users\Eric\AppData\Local\Temp\294823_.exe
C:\Users\Eric\AppData\Local\Temp\7l1ZWLhw5p.exe
C:\Users\Eric\AppData\Local\Temp\c9Rd2tDQ4u.exe
C:\Users\Eric\AppData\Local\Temp\Db1aM35LAC.exe
C:\Users\Eric\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Eric\AppData\Local\Temp\I26jbzPYI1.exe
C:\Users\Eric\AppData\Local\Temp\InstHelper.exe
C:\Users\Eric\AppData\Local\Temp\M7mcnemeyZ.exe
C:\Users\Eric\AppData\Local\Temp\nd3f1NGfjB.exe
C:\Users\Eric\AppData\Local\Temp\networkme1.exe
C:\Users\Eric\AppData\Local\Temp\optprosetup.exe
C:\Users\Eric\AppData\Local\Temp\OVxd7QqAqU.exe
C:\Users\Eric\AppData\Local\Temp\xORqw3JNNk.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 20:37

==================== End Of Log ============================