
Infected machine Vinus, unknown virus


  • This topic is locked
202 replies to this topic

#1 domipj


Posted 11 May 2014 - 09:55 PM

I have now only three machines with the same kind of problem. After cleaning, the symptoms came back and the machines are worse.

 

best regards

Dominique


#2 Machiavelli


Posted 16 May 2014 - 03:33 PM

Hello and welcome on board, domipj,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Let's do a scan with FRST.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Machiavelli


Posted 19 May 2014 - 09:37 AM

Still with me?

~Machiavelli

 
 


#4 domipj


Posted 19 May 2014 - 03:38 PM

OK, I'm back again. Thank you Machiavelli for your help. Shall I do the same for the 4 machines or just for one?

 

Dominique



#5 domipj


Posted 19 May 2014 - 09:52 PM

Sir,
 
I cannot get other option like addition.txt.
 
 
============================================================================================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by VenusDominique on VENUS on 20-05-2014 09:48:00
Running from C:\Users\VenusDominique.Venus\Desktop
Platform: WIN_7 Service Pack 1 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
ATTENTION: Software hive is not loaded.
 
==================== Services (Whitelisted) =================
 
 
==================== Drivers (Whitelisted) ====================
 
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-20 09:48 - 2014-05-20 09:48 - 00001165 _____ () C:\Users\VenusDominique.Venus\Desktop\FRST.txt
2014-05-20 03:59 - 2014-05-20 09:48 - 00000000 ____D () C:\FRST
2014-05-20 03:57 - 2014-05-20 03:57 - 02067456 _____ (Farbar) C:\Users\VenusDominique.Venus\Desktop\FRST64.exe
2014-05-20 03:56 - 2014-05-20 03:57 - 02067456 _____ (Farbar) C:\Users\VenusDominique.Venus\Downloads\FRST64.exe
2014-05-18 09:24 - 2014-05-18 09:24 - 00001082 _____ () C:\Users\VenusDominique.Venus\Downloads\Downloads - Shortcut.lnk
2014-05-15 09:00 - 2014-05-06 11:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-15 09:00 - 2014-05-06 11:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-15 09:00 - 2014-05-06 10:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 09:00 - 2014-05-06 10:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 09:00 - 2014-05-06 10:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-15 09:00 - 2014-05-06 09:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 21:09 - 2014-05-09 13:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-05-14 21:09 - 2014-05-09 13:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-05-14 21:09 - 2014-03-25 09:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-05-14 21:09 - 2014-03-25 09:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 21:06 - 2014-04-12 09:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-05-14 21:06 - 2014-04-12 09:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2014-05-14 21:06 - 2014-04-12 09:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-05-14 21:06 - 2014-04-12 09:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2014-05-14 21:06 - 2014-04-12 09:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2014-05-14 21:06 - 2014-04-12 09:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2014-05-14 21:06 - 2014-04-12 09:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2014-05-14 21:06 - 2014-04-12 09:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 21:06 - 2014-04-12 09:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 21:06 - 2014-03-04 16:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-05-14 21:06 - 2014-03-04 16:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\System32\objsel.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\wincredprovider.dll
2014-05-14 21:06 - 2014-03-04 16:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-05-14 21:06 - 2014-03-04 16:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\cngprovider.dll
2014-05-14 21:06 - 2014-03-04 16:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\adprovider.dll
2014-05-14 21:06 - 2014-03-04 16:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\capiprovider.dll
2014-05-14 21:06 - 2014-03-04 16:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\dpapiprovider.dll
2014-05-14 21:06 - 2014-03-04 16:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\dimsroam.dll
2014-05-14 21:06 - 2014-03-04 16:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-05-14 21:06 - 2014-03-04 16:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 21:06 - 2014-03-04 16:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 21:06 - 2014-03-04 16:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 21:06 - 2014-03-04 16:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 20:56 - 2014-05-14 20:56 - 01325827 _____ () C:\Users\VenusDominique.Venus\Desktop\AdwCleaner (2).exe
2014-05-14 20:55 - 2014-05-14 20:56 - 01325827 _____ () C:\Users\VenusDominique.Venus\Downloads\AdwCleaner (2).exe
2014-05-13 17:40 - 2005-02-20 18:06 - 00001388 _____ () C:\Users\VenusDominique.Venus\Desktop\CD1.cue
2014-05-12 15:29 - 2014-05-04 08:59 - 00448512 _____ (OldTimer Tools) C:\Users\VenusDominique.Venus\Desktop\TFC.exe
2014-05-12 10:25 - 2014-05-12 10:25 - 01325827 _____ () C:\Users\VenusDominique.Venus\Downloads\AdwCleaner (1).exe
2014-05-12 09:42 - 2014-05-12 09:42 - 00688992 _____ (Swearware) C:\Users\VenusDominique.Venus\Downloads\dds.com
2014-05-10 17:59 - 2014-05-10 17:59 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\VenusDominique.Venus\Downloads\FixExec.exe
2014-05-10 05:17 - 2014-05-10 05:17 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-05-09 15:59 - 2014-05-09 15:59 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-05-09 15:59 - 2014-05-09 15:59 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-05-09 08:32 - 2014-05-09 08:32 - 00003204 _____ () C:\Windows\System32\Tasks\{47342C96-D420-4752-B767-1676D66052ED}
2014-05-09 08:11 - 2014-05-09 08:12 - 00204496 _____ (Malwarebytes) C:\Users\VenusDominique.Venus\Downloads\startuplite-setup-1.07.exe
2014-05-09 07:43 - 2014-05-09 07:43 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssa_aaa_aih (3).exe
2014-05-09 05:51 - 2014-05-09 05:53 - 00000000 ____D () C:\Program Files (x86)\GUM556C.tmp
2014-05-08 19:43 - 2014-05-08 19:45 - 00000000 ____D () C:\Program Files (x86)\GUMD346.tmp
2014-05-08 17:59 - 2014-05-08 18:00 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssa_aaa_aih.exe
2014-05-08 17:36 - 2014-05-08 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Installer Clean Up
2014-05-08 17:34 - 2014-05-08 17:34 - 00000022 _____ () C:\Windows\Wininit.ini
2014-05-08 17:31 - 2014-05-08 17:31 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-05-08 17:25 - 2014-05-08 17:32 - 19590440 _____ (Wondershare Software Co.,Ltd. ) C:\Users\VenusDominique.Venus\Downloads\data-recovery_full935.exe
2014-05-08 12:34 - 2014-05-08 12:34 - 00002178 _____ () C:\Users\VenusDominique.Venus\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\VenusThu\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\VenusDominique.Venus\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\VenusBrigitte\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\HomeGroupUser$\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\Administrator.Venus\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00000000 ____D () C:\Program Files (x86)\NT Registry Optimizer
2014-05-05 09:21 - 2014-05-05 09:23 - 00000000 ___RD () C:\VENUS
2014-05-05 09:21 - 2014-05-05 09:21 - 00000528 ____R () C:\MediaID.bin
2014-05-04 09:09 - 2014-05-04 09:09 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssa_aaa_aih (1).exe
2014-05-04 07:15 - 2014-05-04 07:16 - 02347384 _____ (ESET) C:\Users\VenusDominique.Venus\Downloads\esetsmartinstaller_enu (2).exe
2014-05-04 07:15 - 2014-05-04 07:16 - 02347384 _____ (ESET) C:\Users\VenusDominique.Venus\Downloads\esetsmartinstaller_enu (1).exe
2014-05-03 17:46 - 2014-05-03 17:46 - 00075902 _____ () C:\Users\VenusDominique.Venus\Downloads\IsitavirusandhowtogetridofitpleasepageNumber-AmIinfectedWhatdoIdo.html
2014-05-03 17:25 - 2014-05-03 17:25 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\DropboxMaster
2014-05-02 17:22 - 2014-05-02 17:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-02 12:24 - 2014-05-02 12:24 - 00124468 _____ () C:\Users\VenusDominique.Venus\Downloads\168950-ICAO (2).kmz
2014-05-02 12:23 - 2014-05-02 12:23 - 00124468 _____ () C:\Users\VenusDominique.Venus\Downloads\168950-ICAO.kmz
2014-05-02 12:23 - 2014-05-02 12:23 - 00124468 _____ () C:\Users\VenusDominique.Venus\Downloads\168950-ICAO (1).kmz
2014-05-02 09:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-02 09:24 - 2014-05-02 09:24 - 01310621 _____ () C:\Users\VenusDominique.Venus\Downloads\AdwCleaner.exe
2014-05-02 09:18 - 2014-05-02 09:18 - 00982016 _____ (Farbar) C:\Users\VenusDominique.Venus\Downloads\MiniToolBox.exe
2014-05-02 05:17 - 2014-05-02 05:18 - 18886880 _____ (SUPERAntiSpyware) C:\Users\VenusDominique.Venus\Downloads\SUPERAntiSpyware (1).exe
2014-05-01 17:52 - 2014-05-04 09:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-01 17:46 - 2014-05-01 17:47 - 18878456 _____ (SUPERAntiSpyware) C:\Users\VenusDominique.Venus\Downloads\SUPERAntiSpyware.exe
2014-04-30 17:22 - 2014-04-30 17:30 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\business cards
2014-04-30 14:48 - 2014-04-30 14:49 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\USB Brigitte
2014-04-30 09:50 - 2014-05-01 16:21 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\mIRC
2014-04-30 09:50 - 2014-04-30 14:17 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-04-30 09:50 - 2014-04-30 09:50 - 00000970 _____ () C:\Users\Public\Desktop\mIRC.lnk
2014-04-30 09:47 - 2014-04-30 09:48 - 01944960 _____ (mIRC Co. Ltd.) C:\Users\VenusDominique.Venus\Downloads\mirc732.exe
2014-04-30 05:25 - 2014-04-30 05:29 - 00000000 ___SD () C:\Users\VenusDominique.Venus\Documents\My DocsToGo
2014-04-30 05:25 - 2014-04-30 05:25 - 00000800 _____ () C:\Users\Public\Desktop\My DocsToGo.lnk
2014-04-30 05:17 - 2014-04-30 05:17 - 00001210 _____ () C:\Users\Public\Desktop\Documents To Go Desktop for iOS.lnk
2014-04-30 05:15 - 2014-04-30 05:15 - 03200280 _____ () C:\Users\VenusDominique.Venus\Downloads\documentstogoiphn4.0001.010.exe
2014-04-29 17:15 - 2014-04-29 17:15 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\Mozart - Concerto pour piano  N°20
2014-04-29 16:22 - 2014-04-29 16:22 - 00002903 _____ () C:\Users\VenusDominique.Venus\AppData\Local\recently-used.xbel
2014-04-28 18:07 - 2014-04-29 15:39 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\Dominique
2014-04-28 11:37 - 2014-04-28 11:37 - 00000000 ____D () C:\Users\VenusDominique.Venus\Downloads\AVS Video Converter .Vr. 5.92.148+ Crack
2014-04-28 09:40 - 2014-05-15 09:01 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-04-28 08:43 - 2014-04-28 13:14 - 00000000 ____D () C:\Users\VenusDominique.Venus\Downloads\Les gammes de la guitare 1.2.3  Philippe Ganter
2014-04-28 08:43 - 2014-04-28 08:43 - 00055706 _____ () C:\Users\VenusDominique.Venus\Downloads\s-s0hfh517f26z6p1anc8m6rpkk4pee.torrent2.torrent2.torrent
2014-04-28 08:36 - 2014-04-28 08:36 - 00000000 ____D () C:\Extensions
2014-04-28 06:25 - 2014-04-28 06:25 - 09471280 _____ () C:\Users\VenusDominique.Venus\Downloads\bitcomet_1-37_fr_12987_64.exe
2014-04-27 20:43 - 2014-04-27 20:44 - 05652608 _____ () C:\Users\VenusDominique.Venus\Downloads\sony_dsc.zip
2014-04-27 11:55 - 2014-04-27 11:55 - 03972608 _____ () C:\Users\VenusDominique.Venus\Downloads\RogueKiller.exe
2014-04-26 20:13 - 2014-04-26 20:13 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-04-26 17:51 - 2014-04-27 04:30 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\mbar
2014-04-26 17:51 - 2014-04-27 04:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-25 16:53 - 2014-05-20 09:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-25 16:51 - 2014-04-25 16:51 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-25 16:50 - 2014-04-26 22:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-25 16:50 - 2014-04-25 16:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-25 16:50 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-21 07:16 - 2014-05-11 04:51 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-04-21 07:11 - 2014-04-21 07:11 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-VENUS-Microsoft-Windows-7-Professional-(64-bit).dat
2014-04-21 07:10 - 2014-04-21 07:10 - 00000000 ____D () C:\RegBackup
 
==================== One Month Modified Files and Folders =======
 
2014-05-20 09:48 - 2014-05-20 09:48 - 00001165 _____ () C:\Users\VenusDominique.Venus\Desktop\FRST.txt
2014-05-20 09:48 - 2014-05-20 03:59 - 00000000 ____D () C:\FRST
2014-05-20 09:45 - 2012-07-22 17:18 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\Skype
2014-05-20 09:25 - 2014-01-15 09:12 - 00003518 _____ () C:\Windows\System32\Tasks\FileAdvisorCheck
2014-05-20 09:25 - 2014-01-15 09:11 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-05-20 09:23 - 2012-05-03 14:35 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-20 09:18 - 2014-04-25 16:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-05-20 09:13 - 2014-01-16 09:12 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\FileAdvisor
2014-05-20 09:06 - 2014-03-28 17:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-20 08:57 - 2012-12-16 10:43 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-20 08:49 - 2014-02-04 10:26 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3711420242-1791583040-2677181901-1005UA.job
2014-05-20 08:09 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\tracing
2014-05-20 05:57 - 2012-12-16 10:43 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-20 05:35 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache
2014-05-20 04:42 - 2014-04-11 16:08 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Local\CrashDumps
2014-05-20 03:58 - 2012-01-16 16:07 - 01404916 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 03:57 - 2014-05-20 03:57 - 02067456 _____ (Farbar) C:\Users\VenusDominique.Venus\Desktop\FRST64.exe
2014-05-20 03:57 - 2014-05-20 03:56 - 02067456 _____ (Farbar) C:\Users\VenusDominique.Venus\Downloads\FRST64.exe
2014-05-20 03:56 - 2009-07-14 11:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 03:56 - 2009-07-14 11:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 03:53 - 2013-01-10 11:42 - 00000000 ___RD () C:\Users\VenusDominique.Venus\Dropbox
2014-05-20 03:50 - 2013-01-10 11:37 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\Dropbox
2014-05-20 03:50 - 2012-08-20 10:00 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\BitComet
2014-05-20 03:49 - 2014-03-27 19:02 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\ViberPC
2014-05-20 03:48 - 2014-03-27 18:56 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Local\Viber
2014-05-20 03:41 - 2012-12-02 10:20 - 00032632 _____ () C:\Windows\setupact.log
2014-05-20 03:41 - 2012-01-16 19:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-20 03:41 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-18 09:24 - 2014-05-18 09:24 - 00001082 _____ () C:\Users\VenusDominique.Venus\Downloads\Downloads - Shortcut.lnk
2014-05-15 09:01 - 2014-04-28 09:40 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-05-15 09:01 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-15 08:59 - 2012-08-27 12:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 21:25 - 2013-05-07 10:26 - 00350120 _____ () C:\Windows\PFRO.log
2014-05-14 21:23 - 2013-10-16 11:19 - 00000000 ____D () C:\AdwCleaner
2014-05-14 21:18 - 2013-10-26 17:17 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-14 21:18 - 2012-05-03 14:53 - 93223848 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-05-14 20:56 - 2014-05-14 20:56 - 01325827 _____ () C:\Users\VenusDominique.Venus\Desktop\AdwCleaner (2).exe
2014-05-14 20:56 - 2014-05-14 20:55 - 01325827 _____ () C:\Users\VenusDominique.Venus\Downloads\AdwCleaner (2).exe
2014-05-14 19:51 - 2014-02-04 10:26 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3711420242-1791583040-2677181901-1005Core.job
2014-05-14 09:00 - 2009-07-14 12:13 - 00786598 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-12 10:25 - 2014-05-12 10:25 - 01325827 _____ () C:\Users\VenusDominique.Venus\Downloads\AdwCleaner (1).exe
2014-05-12 09:42 - 2014-05-12 09:42 - 00688992 _____ (Swearware) C:\Users\VenusDominique.Venus\Downloads\dds.com
2014-05-11 22:45 - 2012-01-26 20:01 - 00115968 _____ () C:\Users\VenusDominique.Venus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 22:43 - 2009-07-14 11:45 - 04996504 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-05-11 22:41 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\Vss
2014-05-11 04:51 - 2014-04-21 07:16 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-05-11 04:44 - 2012-08-27 09:57 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-05-11 04:34 - 2009-07-14 09:34 - 00000549 _____ () C:\Windows\win.ini
2014-05-10 17:59 - 2014-05-10 17:59 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\VenusDominique.Venus\Downloads\FixExec.exe
2014-05-10 05:17 - 2014-05-10 05:17 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-05-09 21:08 - 2012-08-27 09:26 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Local\Adobe
2014-05-09 16:00 - 2014-03-17 17:02 - 00002057 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-05-09 16:00 - 2014-03-17 17:02 - 00002055 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-05-09 16:00 - 2014-03-17 17:02 - 00002045 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-05-09 15:59 - 2014-05-09 15:59 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-05-09 15:59 - 2014-05-09 15:59 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-05-09 13:14 - 2014-05-14 21:09 - 00477184 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-05-09 13:11 - 2014-05-14 21:09 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-05-09 09:00 - 2013-12-06 14:48 - 00000000 ____D () C:\Program Files (x86)\FileZilla Server
2014-05-09 08:32 - 2014-05-09 08:32 - 00003204 _____ () C:\Windows\System32\Tasks\{47342C96-D420-4752-B767-1676D66052ED}
2014-05-09 08:12 - 2014-05-09 08:11 - 00204496 _____ (Malwarebytes) C:\Users\VenusDominique.Venus\Downloads\startuplite-setup-1.07.exe
2014-05-09 07:43 - 2014-05-09 07:43 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssa_aaa_aih (3).exe
2014-05-09 05:53 - 2014-05-09 05:51 - 00000000 ____D () C:\Program Files (x86)\GUM556C.tmp
2014-05-09 05:52 - 2012-12-16 10:43 - 00004080 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 05:52 - 2012-12-16 10:43 - 00003828 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 20:02 - 2013-12-04 11:08 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\TeamViewer Manager
2014-05-08 19:45 - 2014-05-08 19:43 - 00000000 ____D () C:\Program Files (x86)\GUMD346.tmp
2014-05-08 19:44 - 2014-02-04 10:26 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3711420242-1791583040-2677181901-1005UA
2014-05-08 19:44 - 2014-02-04 10:26 - 00003552 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3711420242-1791583040-2677181901-1005Core
2014-05-08 18:00 - 2014-05-08 17:59 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssa_aaa_aih.exe
2014-05-08 17:36 - 2014-05-08 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Installer Clean Up
2014-05-08 17:34 - 2014-05-08 17:34 - 00000022 _____ () C:\Windows\Wininit.ini
2014-05-08 17:34 - 2012-08-28 08:15 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-05-08 17:32 - 2014-05-08 17:25 - 19590440 _____ (Wondershare Software Co.,Ltd. ) C:\Users\VenusDominique.Venus\Downloads\data-recovery_full935.exe
2014-05-08 17:31 - 2014-05-08 17:31 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-05-08 17:31 - 2011-12-19 19:18 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-08 14:33 - 2014-02-13 09:58 - 00001315 _____ () C:\Windows\System32\TeamViewer9_Hooks.log
2014-05-08 14:10 - 2013-10-06 10:50 - 00003744 _____ () C:\Windows\SysWOW64\UpdateLog.GDZ
2014-05-08 14:09 - 2012-01-26 19:34 - 00000000 ____D () C:\users\VenusDominique.Venus
2014-05-08 12:36 - 2012-01-26 19:34 - 13631488 ___SH () C:\Users\VenusDominique.Venus\NTUSER.bak
2014-05-08 12:36 - 2009-07-14 09:34 - 90701824 _____ () C:\Windows\System32\config\SOFTWARE.bak
2014-05-08 12:36 - 2009-07-14 09:34 - 47448064 _____ () C:\Windows\System32\config\COMPONENTS.bak
2014-05-08 12:36 - 2009-07-14 09:34 - 22544384 _____ () C:\Windows\System32\config\SYSTEM.bak
2014-05-08 12:36 - 2009-07-14 09:34 - 00524288 _____ () C:\Windows\System32\config\DEFAULT.bak
2014-05-08 12:36 - 2009-07-14 09:34 - 00176128 _____ () C:\Windows\System32\config\SAM.bak
2014-05-08 12:36 - 2009-07-14 09:34 - 00032768 _____ () C:\Windows\System32\config\SECURITY.bak
2014-05-08 12:34 - 2014-05-08 12:34 - 00002178 _____ () C:\Users\VenusDominique.Venus\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-05-08 12:34 - 2012-01-27 05:47 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FED42C8F-5868-46A3-ADBA-9E527171EF05}
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\VenusThu\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\VenusDominique.Venus\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\VenusBrigitte\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\HomeGroupUser$\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\Administrator.Venus\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00000000 ____D () C:\Program Files (x86)\NT Registry Optimizer
2014-05-06 13:50 - 2012-08-29 09:16 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\Adobe CS4 Activation Patch
2014-05-06 13:48 - 2013-12-26 19:25 - 00000000 ____D () C:\ProgramData\Speed Streamer
2014-05-06 11:40 - 2014-05-15 09:00 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-06 11:17 - 2014-05-15 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-06 10:25 - 2014-05-15 09:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 10:07 - 2014-05-15 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 10:00 - 2014-05-15 09:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-06 09:10 - 2014-05-15 09:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 09:23 - 2014-05-05 09:21 - 00000000 ___RD () C:\VENUS
2014-05-05 09:21 - 2014-05-05 09:21 - 00000528 ____R () C:\MediaID.bin
2014-05-04 09:33 - 2014-05-01 17:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-04 09:31 - 2013-12-08 08:16 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-05-04 09:09 - 2014-05-04 09:09 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssa_aaa_aih (1).exe
2014-05-04 09:09 - 2012-12-30 16:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-04 08:59 - 2014-05-12 15:29 - 00448512 _____ (OldTimer Tools) C:\Users\VenusDominique.Venus\Desktop\TFC.exe
2014-05-04 07:16 - 2014-05-04 07:15 - 02347384 _____ (ESET) C:\Users\VenusDominique.Venus\Downloads\esetsmartinstaller_enu (2).exe
2014-05-04 07:16 - 2014-05-04 07:15 - 02347384 _____ (ESET) C:\Users\VenusDominique.Venus\Downloads\esetsmartinstaller_enu (1).exe
2014-05-03 17:46 - 2014-05-03 17:46 - 00075902 _____ () C:\Users\VenusDominique.Venus\Downloads\IsitavirusandhowtogetridofitpleasepageNumber-AmIinfectedWhatdoIdo.html
2014-05-03 17:25 - 2014-05-03 17:25 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\DropboxMaster
2014-05-02 19:14 - 2012-07-22 17:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-02 17:22 - 2014-05-02 17:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-02 12:24 - 2014-05-02 12:24 - 00124468 _____ () C:\Users\VenusDominique.Venus\Downloads\168950-ICAO (2).kmz
2014-05-02 12:23 - 2014-05-02 12:23 - 00124468 _____ () C:\Users\VenusDominique.Venus\Downloads\168950-ICAO.kmz
2014-05-02 12:23 - 2014-05-02 12:23 - 00124468 _____ () C:\Users\VenusDominique.Venus\Downloads\168950-ICAO (1).kmz
2014-05-02 09:24 - 2014-05-02 09:24 - 01310621 _____ () C:\Users\VenusDominique.Venus\Downloads\AdwCleaner.exe
2014-05-02 09:18 - 2014-05-02 09:18 - 00982016 _____ (Farbar) C:\Users\VenusDominique.Venus\Downloads\MiniToolBox.exe
2014-05-02 05:18 - 2014-05-02 05:17 - 18886880 _____ (SUPERAntiSpyware) C:\Users\VenusDominique.Venus\Downloads\SUPERAntiSpyware (1).exe
2014-05-01 17:47 - 2014-05-01 17:46 - 18878456 _____ (SUPERAntiSpyware) C:\Users\VenusDominique.Venus\Downloads\SUPERAntiSpyware.exe
2014-05-01 17:26 - 2012-08-28 06:03 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\gSyncit
2014-05-01 16:21 - 2014-04-30 09:50 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\mIRC
2014-05-01 01:45 - 2012-08-27 05:58 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\Mozilla
2014-04-30 17:30 - 2014-04-30 17:22 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\business cards
2014-04-30 14:49 - 2014-04-30 14:48 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\USB Brigitte
2014-04-30 14:17 - 2014-04-30 09:50 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-04-30 09:50 - 2014-04-30 09:50 - 00000970 _____ () C:\Users\Public\Desktop\mIRC.lnk
2014-04-30 09:48 - 2014-04-30 09:47 - 01944960 _____ (mIRC Co. Ltd.) C:\Users\VenusDominique.Venus\Downloads\mirc732.exe
2014-04-30 05:45 - 2014-03-17 12:07 - 00000000 ____D () C:\Windows\pss
2014-04-30 05:29 - 2014-04-30 05:25 - 00000000 ___SD () C:\Users\VenusDominique.Venus\Documents\My DocsToGo
2014-04-30 05:25 - 2014-04-30 05:25 - 00000800 _____ () C:\Users\Public\Desktop\My DocsToGo.lnk
2014-04-30 05:17 - 2014-04-30 05:17 - 00001210 _____ () C:\Users\Public\Desktop\Documents To Go Desktop for iOS.lnk
2014-04-30 05:15 - 2014-04-30 05:15 - 03200280 _____ () C:\Users\VenusDominique.Venus\Downloads\documentstogoiphn4.0001.010.exe
2014-04-29 17:15 - 2014-04-29 17:15 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\Mozart - Concerto pour piano  N°20
2014-04-29 16:52 - 2014-03-12 17:07 - 01687040 _____ () C:\Users\VenusDominique.Venus\Carte Thu.pub
2014-04-29 16:22 - 2014-04-29 16:22 - 00002903 _____ () C:\Users\VenusDominique.Venus\AppData\Local\recently-used.xbel
2014-04-29 16:22 - 2014-03-17 17:06 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Local\gtk-2.0
2014-04-29 16:06 - 2014-03-28 17:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 16:06 - 2014-01-06 08:32 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 16:06 - 2014-01-06 08:32 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 15:39 - 2014-04-28 18:07 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\Dominique
2014-04-29 15:36 - 2014-04-12 10:40 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\Cle avril 2014
2014-04-29 08:01 - 2009-07-14 09:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-29 08:01 - 2009-07-14 09:34 - 00000027 _____ () C:\Windows\System32\Drivers\etc\hosts_bak_875
2014-04-28 13:14 - 2014-04-28 08:43 - 00000000 ____D () C:\Users\VenusDominique.Venus\Downloads\Les gammes de la guitare 1.2.3  Philippe Ganter
2014-04-28 11:37 - 2014-04-28 11:37 - 00000000 ____D () C:\Users\VenusDominique.Venus\Downloads\AVS Video Converter .Vr. 5.92.148+ Crack
2014-04-28 08:43 - 2014-04-28 08:43 - 00055706 _____ () C:\Users\VenusDominique.Venus\Downloads\s-s0hfh517f26z6p1anc8m6rpkk4pee.torrent2.torrent2.torrent
2014-04-28 08:36 - 2014-04-28 08:36 - 00000000 ____D () C:\Extensions
2014-04-28 08:30 - 2013-07-12 09:59 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\FSX
2014-04-28 06:27 - 2012-08-20 10:00 - 00000000 ____D () C:\Program Files\BitComet
2014-04-28 06:25 - 2014-04-28 06:25 - 09471280 _____ () C:\Users\VenusDominique.Venus\Downloads\bitcomet_1-37_fr_12987_64.exe
2014-04-27 20:44 - 2014-04-27 20:43 - 05652608 _____ () C:\Users\VenusDominique.Venus\Downloads\sony_dsc.zip
2014-04-27 12:29 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-04-27 11:55 - 2014-04-27 11:55 - 03972608 _____ () C:\Users\VenusDominique.Venus\Downloads\RogueKiller.exe
2014-04-27 04:30 - 2014-04-26 17:51 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\mbar
2014-04-27 04:30 - 2014-04-26 17:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-26 22:47 - 2014-04-25 16:50 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-26 20:13 - 2014-04-26 20:13 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-04-25 16:51 - 2014-04-25 16:51 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-25 16:51 - 2014-04-25 16:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-25 16:51 - 2013-10-16 11:10 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\Malwarebytes
2014-04-25 16:51 - 2013-10-16 11:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-25 16:50 - 2010-07-11 06:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware old
2014-04-23 15:45 - 2009-07-14 12:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-23 10:08 - 2012-01-27 05:46 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\Adobe
2014-04-21 12:14 - 2009-07-14 09:34 - 00000855 _____ () C:\Windows\System32\Drivers\etc\hosts_bak_270
2014-04-21 08:50 - 2009-07-14 14:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-21 08:15 - 2013-05-29 09:23 - 00196608 _____ () C:\Windows\System32\Ikeext.etl
2014-04-21 08:10 - 2009-07-14 09:34 - 00000855 _____ () C:\Windows\System32\Drivers\etc\hosts_bak_528
2014-04-21 07:11 - 2014-04-21 07:11 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-VENUS-Microsoft-Windows-7-Professional-(64-bit).dat
2014-04-21 07:10 - 2014-04-21 07:10 - 00000000 ____D () C:\RegBackup
 
Some content of TEMP:
====================
C:\Users\VenusDominique.Venus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbnovh0.dll
C:\Users\VenusDominique.Venus\AppData\Local\Temp\Quarantine.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2014-05-14 21:06] - [2014-03-04 16:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-03-12 16:09:01
Restore point made on: 2014-03-12 16:13:42
Restore point made on: 2014-03-13 09:36:32
Restore point made on: 2014-03-16 20:06:08
Restore point made on: 2014-03-17 12:05:51
Restore point made on: 2014-03-17 12:34:49
Restore point made on: 2014-03-17 13:15:35
Restore point made on: 2014-03-17 13:21:30
Restore point made on: 2014-03-17 16:22:54
Restore point made on: 2014-03-18 21:23:16
Restore point made on: 2014-03-19 08:52:43
Restore point made on: 2014-03-20 10:25:57
Restore point made on: 2014-03-20 12:19:12
Restore point made on: 2014-03-20 16:55:18
Restore point made on: 2014-03-21 14:49:58
Restore point made on: 2014-03-23 19:06:21
Restore point made on: 2014-03-26 02:21:15
Restore point made on: 2014-03-26 11:36:57
Restore point made on: 2014-03-26 11:51:33
Restore point made on: 2014-03-28 17:20:43
Restore point made on: 2014-03-28 17:22:33
Restore point made on: 2014-03-29 02:25:25
Restore point made on: 2014-03-30 19:02:12
Restore point made on: 2014-04-05 03:35:10
Restore point made on: 2014-04-06 07:53:19
Restore point made on: 2014-04-06 08:17:37
Restore point made on: 2014-04-06 19:02:43
Restore point made on: 2014-04-07 15:10:41
Restore point made on: 2014-04-07 16:41:14
Restore point made on: 2014-04-09 11:18:31
Restore point made on: 2014-04-10 17:56:50
Restore point made on: 2014-04-13 19:01:44
Restore point made on: 2014-04-21 02:30:29
Restore point made on: 2014-04-21 07:10:40
Restore point made on: 2014-04-21 07:11:29
Restore point made on: 2014-04-21 11:09:49
Restore point made on: 2014-04-21 11:10:46
Restore point made on: 2014-04-26 18:10:03
Restore point made on: 2014-04-26 20:16:27
Restore point made on: 2014-04-26 20:18:09
Restore point made on: 2014-04-27 20:02:36
Restore point made on: 2014-04-28 09:39:49
Restore point made on: 2014-05-02 06:45:55
Restore point made on: 2014-05-04 09:04:09
Restore point made on: 2014-05-04 09:06:55
Restore point made on: 2014-05-08 17:31:53
Restore point made on: 2014-05-08 17:35:40
Restore point made on: 2014-05-10 14:11:33
Restore point made on: 2014-05-10 14:12:28
Restore point made on: 2014-05-14 02:45:29
Restore point made on: 2014-05-14 21:11:57
Restore point made on: 2014-05-15 08:58:00
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=K:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {0017a300-ed02-11e1-8789-806e6f6e6963}
displayorder            {ntldr}
                        {e96596c4-2ec0-11e3-b718-92eff306968a}
                        {4f9d294a-ec59-11e1-972b-eba704ff8286}
                        {current}
                        {7ae1d3cb-c54f-11e3-9db8-00270e243825}
toolsdisplayorder       {memdiag}
timeout                 10
 
Windows Boot Loader
-------------------
identifier              {4f9d2946-ec59-11e1-972b-eba704ff8286}
device                  ramdisk=[K:]\Recovery\4f9d2946-ec59-11e1-972b-eba704ff8286\Winre.wim,{4f9d2947-ec59-11e1-972b-eba704ff8286}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[K:]\Recovery\4f9d2946-ec59-11e1-972b-eba704ff8286\Winre.wim,{4f9d2947-ec59-11e1-972b-eba704ff8286}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {4f9d294a-ec59-11e1-972b-eba704ff8286}
device                  partition=X:
path                    \Windows\system32\winload.exe
description             Windows 7 Professional (recovered) 
locale                  en-US
osdevice                partition=X:
systemroot              \Windows
resumeobject            {9981db61-ed01-11e1-90a7-806e6f6e6963}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Current Win7
locale                  en-US
osdevice                partition=C:
systemroot              \Windows
resumeobject            {0017a300-ed02-11e1-8789-806e6f6e6963}
 
Windows Boot Loader
-------------------
identifier              {4f9d294c-ec59-11e1-972b-eba704ff8286}
device                  ramdisk=[X:]\Recovery\3822ce73-3e18-11e1-92fd-f81eab7c49ca\Winre.wim,{4f9d294d-ec59-11e1-972b-eba704ff8286}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered) 
locale                  
osdevice                ramdisk=[X:]\Recovery\3822ce73-3e18-11e1-92fd-f81eab7c49ca\Winre.wim,{4f9d294d-ec59-11e1-972b-eba704ff8286}
systemroot              \windows
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {4f9d294e-ec59-11e1-972b-eba704ff8286}
device                  ramdisk=[C:]\Recovery\3822ce6b-3e18-11e1-92fd-f81eab7c49ca\Winre.wim,{4f9d294f-ec59-11e1-972b-eba704ff8286}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered) 
locale                  
osdevice                ramdisk=[C:]\Recovery\3822ce6b-3e18-11e1-92fd-f81eab7c49ca\Winre.wim,{4f9d294f-ec59-11e1-972b-eba704ff8286}
systemroot              \windows
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {e96596c4-2ec0-11e3-b718-92eff306968a}
device                  partition=K:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {e96596c5-2ec0-11e3-b718-92eff306968a}
truncatememory          0x100000000
recoveryenabled         No
osdevice                partition=K:
systemroot              \Windows
resumeobject            {e96596c3-2ec0-11e3-b718-92eff306968a}
nx                      OptIn
numproc                 2
usefirmwarepcisettings  No
 
Windows Boot Loader
-------------------
identifier              {e96596c5-2ec0-11e3-b718-92eff306968a}
device                  ramdisk=[K:]\Recovery\e96596c5-2ec0-11e3-b718-92eff306968a\Winre.wim,{e96596c6-2ec0-11e3-b718-92eff306968a}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[K:]\Recovery\e96596c5-2ec0-11e3-b718-92eff306968a\Winre.wim,{e96596c6-2ec0-11e3-b718-92eff306968a}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {0017a300-ed02-11e1-8789-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Professional (recovered) 
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {9981db61-ed01-11e1-90a7-806e6f6e6963}
device                  partition=X:
path                    \Windows\system32\winresume.exe
description             Windows 7 Professional (recovered) 
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=X:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {e96596c3-2ec0-11e3-b718-92eff306968a}
device                  partition=K:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=K:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=K:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=K:
path                    \ntldr
description             Earlier Version of Windows
 
Real-mode Boot Sector
---------------------
identifier              {7ae1d3cb-c54f-11e3-9db8-00270e243825}
device                  partition=C:
path                    \ubuntu\winboot\wubildr.mbr
description             Ubuntu
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {4f9d2947-ec59-11e1-972b-eba704ff8286}
description             Ramdisk Options
ramdisksdidevice        partition=K:
ramdisksdipath          \Recovery\4f9d2946-ec59-11e1-972b-eba704ff8286\boot.sdi
 
Device options
--------------
identifier              {4f9d294d-ec59-11e1-972b-eba704ff8286}
ramdisksdidevice        partition=X:
ramdisksdipath          \Recovery\3822ce73-3e18-11e1-92fd-f81eab7c49ca\boot.sdi
 
Device options
--------------
identifier              {4f9d294f-ec59-11e1-972b-eba704ff8286}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\3822ce6b-3e18-11e1-92fd-f81eab7c49ca\boot.sdi
 
Device options
--------------
identifier              {e96596c6-2ec0-11e3-b718-92eff306968a}
description             Ramdisk Options
ramdisksdidevice        partition=K:
ramdisksdipath          \Recovery\e96596c5-2ec0-11e3-b718-92eff306968a\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 80%
Total physical RAM: 4091.61 MB
Available physical RAM: 807.71 MB
Total Pagefile: 8181.4 MB
Available Pagefile: 2562.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (Tera 2 (xplane)) (Fixed) (Total:492.06 GB) (Free:78.97 GB) NTFS
Drive d: (Tera1) (Fixed) (Total:439.45 GB) (Free:77.21 GB) NTFS
Drive j: (Full Data) (Fixed) (Total:488.28 GB) (Free:151.6 GB) NTFS
Drive k: (winflight) (Fixed) (Total:292.97 GB) (Free:32.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive x: (old niew XP) (Fixed) (Total:250.98 GB) (Free:52.83 GB) NTFS
Drive y: (old XP) (Fixed) (Total:637.57 GB) (Free:251.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 9BCD9DBE)
Partition 1: (Not Active) - (Size=251 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=638 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=43 GB) - (Type=05)
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 97A2ABE2)
Partition 1: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-1037487307776) - (Type=05)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 251D2EA0)
Partition 1: (Not Active) - (Size=439 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=492 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2014-05-20 05:29
 
==================== End Of Log ============================


#6 Machiavelli


Posted 20 May 2014 - 08:34 AM

Boot Mode: Recovery

Why?

It seems that FRST wasn't able to load the system hive.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 domipj


Posted 21 May 2014 - 08:15 AM

I don't know ??? But I tried many times. Maybe I should restart the machine before running FRST?



#8 Machiavelli


Posted 21 May 2014 - 08:17 AM

I do not understand. Why did you scan with FRST in Recovery Mode instead of scanning in normal mode?

~Machiavelli



#9 domipj


Posted 21 May 2014 - 08:36 AM

I changed nothing! I did exactly what you gave me!



#10 Machiavelli


Posted 21 May 2014 - 09:18 AM

OK, please boot up into normal mode and do a new FRST Scan.


~Machiavelli



#11 domipj


Posted 21 May 2014 - 06:39 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by VenusDominique on VENUS on 21-05-2014 22:01:07
Running from C:\Users\VenusDominique.Venus\Desktop
Platform: WIN_7 Service Pack 1 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
ATTENTION: Software hive is not loaded.
 
==================== Services (Whitelisted) =================
 
 
==================== Drivers (Whitelisted) ====================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-21 22:01 - 2014-05-21 22:01 - 00001097 _____ () C:\Users\VenusDominique.Venus\Desktop\FRST.txt
2014-05-20 03:59 - 2014-05-21 22:01 - 00000000 ____D () C:\FRST
2014-05-20 03:57 - 2014-05-20 03:57 - 02067456 _____ (Farbar) C:\Users\VenusDominique.Venus\Desktop\FRST64.exe
2014-05-20 03:56 - 2014-05-20 03:57 - 02067456 _____ (Farbar) C:\Users\VenusDominique.Venus\Downloads\FRST64.exe
2014-05-18 09:24 - 2014-05-18 09:24 - 00001082 _____ () C:\Users\VenusDominique.Venus\Downloads\Downloads - Shortcut.lnk
2014-05-15 09:00 - 2014-05-06 11:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-15 09:00 - 2014-05-06 11:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-15 09:00 - 2014-05-06 10:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 09:00 - 2014-05-06 10:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 09:00 - 2014-05-06 10:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-15 09:00 - 2014-05-06 09:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 21:09 - 2014-05-09 13:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-05-14 21:09 - 2014-05-09 13:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-05-14 21:09 - 2014-03-25 09:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-05-14 21:09 - 2014-03-25 09:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 21:06 - 2014-04-12 09:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2014-05-14 21:06 - 2014-04-12 09:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2014-05-14 21:06 - 2014-04-12 09:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-05-14 21:06 - 2014-04-12 09:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2014-05-14 21:06 - 2014-04-12 09:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2014-05-14 21:06 - 2014-04-12 09:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2014-05-14 21:06 - 2014-04-12 09:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2014-05-14 21:06 - 2014-04-12 09:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 21:06 - 2014-04-12 09:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 21:06 - 2014-03-04 16:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2014-05-14 21:06 - 2014-03-04 16:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\System32\objsel.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-05-14 21:06 - 2014-03-04 16:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\wincredprovider.dll
2014-05-14 21:06 - 2014-03-04 16:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2014-05-14 21:06 - 2014-03-04 16:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\cngprovider.dll
2014-05-14 21:06 - 2014-03-04 16:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\adprovider.dll
2014-05-14 21:06 - 2014-03-04 16:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\capiprovider.dll
2014-05-14 21:06 - 2014-03-04 16:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\dpapiprovider.dll
2014-05-14 21:06 - 2014-03-04 16:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\dimsroam.dll
2014-05-14 21:06 - 2014-03-04 16:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-05-14 21:06 - 2014-03-04 16:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 21:06 - 2014-03-04 16:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 21:06 - 2014-03-04 16:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 21:06 - 2014-03-04 16:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 21:06 - 2014-03-04 16:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 20:56 - 2014-05-14 20:56 - 01325827 _____ () C:\Users\VenusDominique.Venus\Desktop\AdwCleaner (2).exe
2014-05-14 20:55 - 2014-05-14 20:56 - 01325827 _____ () C:\Users\VenusDominique.Venus\Downloads\AdwCleaner (2).exe
2014-05-13 17:40 - 2005-02-20 18:06 - 00001388 _____ () C:\Users\VenusDominique.Venus\Desktop\CD1.cue
2014-05-12 15:29 - 2014-05-04 08:59 - 00448512 _____ (OldTimer Tools) C:\Users\VenusDominique.Venus\Desktop\TFC.exe
2014-05-12 10:25 - 2014-05-12 10:25 - 01325827 _____ () C:\Users\VenusDominique.Venus\Downloads\AdwCleaner (1).exe
2014-05-12 09:42 - 2014-05-12 09:42 - 00688992 _____ (Swearware) C:\Users\VenusDominique.Venus\Downloads\dds.com
2014-05-10 17:59 - 2014-05-10 17:59 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\VenusDominique.Venus\Downloads\FixExec.exe
2014-05-10 05:17 - 2014-05-10 05:17 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-05-09 15:59 - 2014-05-09 15:59 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-05-09 15:59 - 2014-05-09 15:59 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-05-09 08:32 - 2014-05-09 08:32 - 00003204 _____ () C:\Windows\System32\Tasks\{47342C96-D420-4752-B767-1676D66052ED}
2014-05-09 08:11 - 2014-05-09 08:12 - 00204496 _____ (Malwarebytes) C:\Users\VenusDominique.Venus\Downloads\startuplite-setup-1.07.exe
2014-05-09 07:43 - 2014-05-09 07:43 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssa_aaa_aih (3).exe
2014-05-09 05:51 - 2014-05-09 05:53 - 00000000 ____D () C:\Program Files (x86)\GUM556C.tmp
2014-05-08 19:43 - 2014-05-08 19:45 - 00000000 ____D () C:\Program Files (x86)\GUMD346.tmp
2014-05-08 17:59 - 2014-05-08 18:00 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssa_aaa_aih.exe
2014-05-08 17:36 - 2014-05-08 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Installer Clean Up
2014-05-08 17:34 - 2014-05-08 17:34 - 00000022 _____ () C:\Windows\Wininit.ini
2014-05-08 17:31 - 2014-05-08 17:31 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-05-08 17:25 - 2014-05-08 17:32 - 19590440 _____ (Wondershare Software Co.,Ltd. ) C:\Users\VenusDominique.Venus\Downloads\data-recovery_full935.exe
2014-05-08 12:34 - 2014-05-08 12:34 - 00002178 _____ () C:\Users\VenusDominique.Venus\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\VenusThu\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\VenusDominique.Venus\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\VenusBrigitte\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\HomeGroupUser$\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\Administrator.Venus\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00000000 ____D () C:\Program Files (x86)\NT Registry Optimizer
2014-05-05 09:21 - 2014-05-05 09:23 - 00000000 ___RD () C:\VENUS
2014-05-05 09:21 - 2014-05-05 09:21 - 00000528 ____R () C:\MediaID.bin
2014-05-04 09:09 - 2014-05-04 09:09 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssa_aaa_aih (1).exe
2014-05-04 07:15 - 2014-05-04 07:16 - 02347384 _____ (ESET) C:\Users\VenusDominique.Venus\Downloads\esetsmartinstaller_enu (2).exe
2014-05-04 07:15 - 2014-05-04 07:16 - 02347384 _____ (ESET) C:\Users\VenusDominique.Venus\Downloads\esetsmartinstaller_enu (1).exe
2014-05-03 17:46 - 2014-05-03 17:46 - 00075902 _____ () C:\Users\VenusDominique.Venus\Downloads\IsitavirusandhowtogetridofitpleasepageNumber-AmIinfectedWhatdoIdo.html
2014-05-03 17:25 - 2014-05-03 17:25 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\DropboxMaster
2014-05-02 17:22 - 2014-05-02 17:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-02 12:24 - 2014-05-02 12:24 - 00124468 _____ () C:\Users\VenusDominique.Venus\Downloads\168950-ICAO (2).kmz
2014-05-02 12:23 - 2014-05-02 12:23 - 00124468 _____ () C:\Users\VenusDominique.Venus\Downloads\168950-ICAO.kmz
2014-05-02 12:23 - 2014-05-02 12:23 - 00124468 _____ () C:\Users\VenusDominique.Venus\Downloads\168950-ICAO (1).kmz
2014-05-02 09:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-02 09:24 - 2014-05-02 09:24 - 01310621 _____ () C:\Users\VenusDominique.Venus\Downloads\AdwCleaner.exe
2014-05-02 09:18 - 2014-05-02 09:18 - 00982016 _____ (Farbar) C:\Users\VenusDominique.Venus\Downloads\MiniToolBox.exe
2014-05-02 05:17 - 2014-05-02 05:18 - 18886880 _____ (SUPERAntiSpyware) C:\Users\VenusDominique.Venus\Downloads\SUPERAntiSpyware (1).exe
2014-05-01 17:52 - 2014-05-04 09:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-01 17:46 - 2014-05-01 17:47 - 18878456 _____ (SUPERAntiSpyware) C:\Users\VenusDominique.Venus\Downloads\SUPERAntiSpyware.exe
2014-04-30 17:22 - 2014-04-30 17:30 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\business cards
2014-04-30 14:48 - 2014-04-30 14:49 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\USB Brigitte
2014-04-30 09:50 - 2014-05-01 16:21 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\mIRC
2014-04-30 09:50 - 2014-04-30 14:17 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-04-30 09:50 - 2014-04-30 09:50 - 00000970 _____ () C:\Users\Public\Desktop\mIRC.lnk
2014-04-30 09:47 - 2014-04-30 09:48 - 01944960 _____ (mIRC Co. Ltd.) C:\Users\VenusDominique.Venus\Downloads\mirc732.exe
2014-04-30 05:25 - 2014-04-30 05:29 - 00000000 ___SD () C:\Users\VenusDominique.Venus\Documents\My DocsToGo
2014-04-30 05:25 - 2014-04-30 05:25 - 00000800 _____ () C:\Users\Public\Desktop\My DocsToGo.lnk
2014-04-30 05:17 - 2014-04-30 05:17 - 00001210 _____ () C:\Users\Public\Desktop\Documents To Go Desktop for iOS.lnk
2014-04-30 05:15 - 2014-04-30 05:15 - 03200280 _____ () C:\Users\VenusDominique.Venus\Downloads\documentstogoiphn4.0001.010.exe
2014-04-29 17:15 - 2014-04-29 17:15 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\Mozart - Concerto pour piano  N°20
2014-04-29 16:22 - 2014-04-29 16:22 - 00002903 _____ () C:\Users\VenusDominique.Venus\AppData\Local\recently-used.xbel
2014-04-28 18:07 - 2014-04-29 15:39 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\Dominique
2014-04-28 11:37 - 2014-04-28 11:37 - 00000000 ____D () C:\Users\VenusDominique.Venus\Downloads\AVS Video Converter .Vr. 5.92.148+ Crack
2014-04-28 09:40 - 2014-05-15 09:01 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-04-28 08:43 - 2014-04-28 13:14 - 00000000 ____D () C:\Users\VenusDominique.Venus\Downloads\Les gammes de la guitare 1.2.3  Philippe Ganter
2014-04-28 08:43 - 2014-04-28 08:43 - 00055706 _____ () C:\Users\VenusDominique.Venus\Downloads\s-s0hfh517f26z6p1anc8m6rpkk4pee.torrent2.torrent2.torrent
2014-04-28 08:36 - 2014-04-28 08:36 - 00000000 ____D () C:\Extensions
2014-04-28 06:25 - 2014-04-28 06:25 - 09471280 _____ () C:\Users\VenusDominique.Venus\Downloads\bitcomet_1-37_fr_12987_64.exe
2014-04-27 20:43 - 2014-04-27 20:44 - 05652608 _____ () C:\Users\VenusDominique.Venus\Downloads\sony_dsc.zip
2014-04-27 11:55 - 2014-04-27 11:55 - 03972608 _____ () C:\Users\VenusDominique.Venus\Downloads\RogueKiller.exe
2014-04-26 20:13 - 2014-04-26 20:13 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-04-26 17:51 - 2014-04-27 04:30 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\mbar
2014-04-26 17:51 - 2014-04-27 04:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-25 16:53 - 2014-05-21 22:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-04-25 16:51 - 2014-04-25 16:51 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-25 16:50 - 2014-04-26 22:47 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-25 16:50 - 2014-04-25 16:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-25 16:50 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-04-21 07:16 - 2014-05-11 04:51 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-04-21 07:11 - 2014-04-21 07:11 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-VENUS-Microsoft-Windows-7-Professional-(64-bit).dat
2014-04-21 07:10 - 2014-04-21 07:10 - 00000000 ____D () C:\RegBackup
 
==================== One Month Modified Files and Folders =======
 
2014-05-21 22:03 - 2012-12-16 10:43 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-21 22:01 - 2014-05-21 22:01 - 00001097 _____ () C:\Users\VenusDominique.Venus\Desktop\FRST.txt
2014-05-21 22:01 - 2014-05-20 03:59 - 00000000 ____D () C:\FRST
2014-05-21 22:00 - 2014-04-25 16:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-05-21 22:00 - 2012-05-03 14:35 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-21 21:59 - 2012-07-22 17:18 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\Skype
2014-05-21 21:57 - 2014-03-27 19:02 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\ViberPC
2014-05-21 21:57 - 2013-01-10 11:42 - 00000000 ___RD () C:\Users\VenusDominique.Venus\Dropbox
2014-05-21 21:57 - 2013-01-10 11:37 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\Dropbox
2014-05-21 21:57 - 2012-08-20 10:00 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\BitComet
2014-05-21 21:55 - 2014-03-27 18:56 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Local\Viber
2014-05-21 21:53 - 2012-12-16 10:43 - 00001080 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-21 21:52 - 2012-12-02 10:20 - 00032688 _____ () C:\Windows\setupact.log
2014-05-21 21:52 - 2012-01-16 19:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-21 21:52 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 09:53 - 2012-01-16 16:07 - 01406239 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 09:49 - 2014-02-04 10:26 - 00000956 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3711420242-1791583040-2677181901-1005UA.job
2014-05-20 09:25 - 2014-01-15 09:12 - 00003518 _____ () C:\Windows\System32\Tasks\FileAdvisorCheck
2014-05-20 09:25 - 2014-01-15 09:11 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-05-20 09:13 - 2014-01-16 09:12 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\FileAdvisor
2014-05-20 09:06 - 2014-03-28 17:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-20 08:09 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\tracing
2014-05-20 05:35 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache
2014-05-20 04:42 - 2014-04-11 16:08 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Local\CrashDumps
2014-05-20 03:57 - 2014-05-20 03:57 - 02067456 _____ (Farbar) C:\Users\VenusDominique.Venus\Desktop\FRST64.exe
2014-05-20 03:57 - 2014-05-20 03:56 - 02067456 _____ (Farbar) C:\Users\VenusDominique.Venus\Downloads\FRST64.exe
2014-05-20 03:56 - 2009-07-14 11:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 03:56 - 2009-07-14 11:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-18 09:24 - 2014-05-18 09:24 - 00001082 _____ () C:\Users\VenusDominique.Venus\Downloads\Downloads - Shortcut.lnk
2014-05-15 09:01 - 2014-04-28 09:40 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-05-15 09:01 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-15 08:59 - 2012-08-27 12:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 21:25 - 2013-05-07 10:26 - 00350120 _____ () C:\Windows\PFRO.log
2014-05-14 21:23 - 2013-10-16 11:19 - 00000000 ____D () C:\AdwCleaner
2014-05-14 21:18 - 2013-10-26 17:17 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-14 21:18 - 2012-05-03 14:53 - 93223848 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-05-14 20:56 - 2014-05-14 20:56 - 01325827 _____ () C:\Users\VenusDominique.Venus\Desktop\AdwCleaner (2).exe
2014-05-14 20:56 - 2014-05-14 20:55 - 01325827 _____ () C:\Users\VenusDominique.Venus\Downloads\AdwCleaner (2).exe
2014-05-14 19:51 - 2014-02-04 10:26 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3711420242-1791583040-2677181901-1005Core.job
2014-05-14 09:00 - 2009-07-14 12:13 - 00786598 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-12 10:25 - 2014-05-12 10:25 - 01325827 _____ () C:\Users\VenusDominique.Venus\Downloads\AdwCleaner (1).exe
2014-05-12 09:42 - 2014-05-12 09:42 - 00688992 _____ (Swearware) C:\Users\VenusDominique.Venus\Downloads\dds.com
2014-05-11 22:45 - 2012-01-26 20:01 - 00115968 _____ () C:\Users\VenusDominique.Venus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-11 22:43 - 2009-07-14 11:45 - 04996504 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-05-11 22:41 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\Vss
2014-05-11 04:51 - 2014-04-21 07:16 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-05-11 04:44 - 2012-08-27 09:57 - 00003160 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-05-11 04:34 - 2009-07-14 09:34 - 00000549 _____ () C:\Windows\win.ini
2014-05-10 17:59 - 2014-05-10 17:59 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\VenusDominique.Venus\Downloads\FixExec.exe
2014-05-10 05:17 - 2014-05-10 05:17 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-05-09 21:08 - 2012-08-27 09:26 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Local\Adobe
2014-05-09 16:00 - 2014-03-17 17:02 - 00002057 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-05-09 16:00 - 2014-03-17 17:02 - 00002055 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-05-09 16:00 - 2014-03-17 17:02 - 00002045 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-05-09 15:59 - 2014-05-09 15:59 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-05-09 15:59 - 2014-05-09 15:59 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-05-09 13:14 - 2014-05-14 21:09 - 00477184 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-05-09 13:11 - 2014-05-14 21:09 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-05-09 09:00 - 2013-12-06 14:48 - 00000000 ____D () C:\Program Files (x86)\FileZilla Server
2014-05-09 08:32 - 2014-05-09 08:32 - 00003204 _____ () C:\Windows\System32\Tasks\{47342C96-D420-4752-B767-1676D66052ED}
2014-05-09 08:12 - 2014-05-09 08:11 - 00204496 _____ (Malwarebytes) C:\Users\VenusDominique.Venus\Downloads\startuplite-setup-1.07.exe
2014-05-09 07:43 - 2014-05-09 07:43 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssa_aaa_aih (3).exe
2014-05-09 05:53 - 2014-05-09 05:51 - 00000000 ____D () C:\Program Files (x86)\GUM556C.tmp
2014-05-09 05:52 - 2012-12-16 10:43 - 00004080 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 05:52 - 2012-12-16 10:43 - 00003828 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 20:02 - 2013-12-04 11:08 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\TeamViewer Manager
2014-05-08 19:45 - 2014-05-08 19:43 - 00000000 ____D () C:\Program Files (x86)\GUMD346.tmp
2014-05-08 19:44 - 2014-02-04 10:26 - 00003948 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3711420242-1791583040-2677181901-1005UA
2014-05-08 19:44 - 2014-02-04 10:26 - 00003552 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3711420242-1791583040-2677181901-1005Core
2014-05-08 18:00 - 2014-05-08 17:59 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssa_aaa_aih.exe
2014-05-08 17:36 - 2014-05-08 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Installer Clean Up
2014-05-08 17:34 - 2014-05-08 17:34 - 00000022 _____ () C:\Windows\Wininit.ini
2014-05-08 17:34 - 2012-08-28 08:15 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-05-08 17:32 - 2014-05-08 17:25 - 19590440 _____ (Wondershare Software Co.,Ltd. ) C:\Users\VenusDominique.Venus\Downloads\data-recovery_full935.exe
2014-05-08 17:31 - 2014-05-08 17:31 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-05-08 17:31 - 2011-12-19 19:18 - 00000000 ____D () C:\Program Files (x86)\MSECache
2014-05-08 14:33 - 2014-02-13 09:58 - 00001315 _____ () C:\Windows\System32\TeamViewer9_Hooks.log
2014-05-08 14:10 - 2013-10-06 10:50 - 00003744 _____ () C:\Windows\SysWOW64\UpdateLog.GDZ
2014-05-08 14:09 - 2012-01-26 19:34 - 00000000 ____D () C:\users\VenusDominique.Venus
2014-05-08 12:36 - 2012-01-26 19:34 - 13631488 ___SH () C:\Users\VenusDominique.Venus\NTUSER.bak
2014-05-08 12:36 - 2009-07-14 09:34 - 90701824 _____ () C:\Windows\System32\config\SOFTWARE.bak
2014-05-08 12:36 - 2009-07-14 09:34 - 47448064 _____ () C:\Windows\System32\config\COMPONENTS.bak
2014-05-08 12:36 - 2009-07-14 09:34 - 22544384 _____ () C:\Windows\System32\config\SYSTEM.bak
2014-05-08 12:36 - 2009-07-14 09:34 - 00524288 _____ () C:\Windows\System32\config\DEFAULT.bak
2014-05-08 12:36 - 2009-07-14 09:34 - 00176128 _____ () C:\Windows\System32\config\SAM.bak
2014-05-08 12:36 - 2009-07-14 09:34 - 00032768 _____ () C:\Windows\System32\config\SECURITY.bak
2014-05-08 12:34 - 2014-05-08 12:34 - 00002178 _____ () C:\Users\VenusDominique.Venus\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-05-08 12:34 - 2012-01-27 05:47 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{FED42C8F-5868-46A3-ADBA-9E527171EF05}
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\VenusThu\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\VenusDominique.Venus\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\VenusBrigitte\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\HomeGroupUser$\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00001027 _____ () C:\Users\Administrator.Venus\Desktop\NTREGOPT.lnk
2014-05-08 12:28 - 2014-05-08 12:28 - 00000000 ____D () C:\Program Files (x86)\NT Registry Optimizer
2014-05-06 13:50 - 2012-08-29 09:16 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\Adobe CS4 Activation Patch
2014-05-06 13:48 - 2013-12-26 19:25 - 00000000 ____D () C:\ProgramData\Speed Streamer
2014-05-06 11:40 - 2014-05-15 09:00 - 23544320 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-06 11:17 - 2014-05-15 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-06 10:25 - 2014-05-15 09:00 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 10:07 - 2014-05-15 09:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 10:00 - 2014-05-15 09:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-06 09:10 - 2014-05-15 09:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-05 09:23 - 2014-05-05 09:21 - 00000000 ___RD () C:\VENUS
2014-05-05 09:21 - 2014-05-05 09:21 - 00000528 ____R () C:\MediaID.bin
2014-05-04 09:33 - 2014-05-01 17:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-05-04 09:31 - 2013-12-08 08:16 - 00000000 ____D () C:\Program Files (x86)\eRightSoft
2014-05-04 09:09 - 2014-05-04 09:09 - 01071792 _____ (Solid State Networks) C:\Users\VenusDominique.Venus\Downloads\install_reader11_en_mssa_aaa_aih (1).exe
2014-05-04 09:09 - 2012-12-30 16:07 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-04 08:59 - 2014-05-12 15:29 - 00448512 _____ (OldTimer Tools) C:\Users\VenusDominique.Venus\Desktop\TFC.exe
2014-05-04 07:16 - 2014-05-04 07:15 - 02347384 _____ (ESET) C:\Users\VenusDominique.Venus\Downloads\esetsmartinstaller_enu (2).exe
2014-05-04 07:16 - 2014-05-04 07:15 - 02347384 _____ (ESET) C:\Users\VenusDominique.Venus\Downloads\esetsmartinstaller_enu (1).exe
2014-05-03 17:46 - 2014-05-03 17:46 - 00075902 _____ () C:\Users\VenusDominique.Venus\Downloads\IsitavirusandhowtogetridofitpleasepageNumber-AmIinfectedWhatdoIdo.html
2014-05-03 17:25 - 2014-05-03 17:25 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\DropboxMaster
2014-05-02 19:14 - 2012-07-22 17:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-02 17:22 - 2014-05-02 17:22 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-02 12:24 - 2014-05-02 12:24 - 00124468 _____ () C:\Users\VenusDominique.Venus\Downloads\168950-ICAO (2).kmz
2014-05-02 12:23 - 2014-05-02 12:23 - 00124468 _____ () C:\Users\VenusDominique.Venus\Downloads\168950-ICAO.kmz
2014-05-02 12:23 - 2014-05-02 12:23 - 00124468 _____ () C:\Users\VenusDominique.Venus\Downloads\168950-ICAO (1).kmz
2014-05-02 09:24 - 2014-05-02 09:24 - 01310621 _____ () C:\Users\VenusDominique.Venus\Downloads\AdwCleaner.exe
2014-05-02 09:18 - 2014-05-02 09:18 - 00982016 _____ (Farbar) C:\Users\VenusDominique.Venus\Downloads\MiniToolBox.exe
2014-05-02 05:18 - 2014-05-02 05:17 - 18886880 _____ (SUPERAntiSpyware) C:\Users\VenusDominique.Venus\Downloads\SUPERAntiSpyware (1).exe
2014-05-01 17:47 - 2014-05-01 17:46 - 18878456 _____ (SUPERAntiSpyware) C:\Users\VenusDominique.Venus\Downloads\SUPERAntiSpyware.exe
2014-05-01 17:26 - 2012-08-28 06:03 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\gSyncit
2014-05-01 16:21 - 2014-04-30 09:50 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\mIRC
2014-05-01 01:45 - 2012-08-27 05:58 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\Mozilla
2014-04-30 17:30 - 2014-04-30 17:22 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\business cards
2014-04-30 14:49 - 2014-04-30 14:48 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\USB Brigitte
2014-04-30 14:17 - 2014-04-30 09:50 - 00000000 ____D () C:\Program Files (x86)\mIRC
2014-04-30 09:50 - 2014-04-30 09:50 - 00000970 _____ () C:\Users\Public\Desktop\mIRC.lnk
2014-04-30 09:48 - 2014-04-30 09:47 - 01944960 _____ (mIRC Co. Ltd.) C:\Users\VenusDominique.Venus\Downloads\mirc732.exe
2014-04-30 05:45 - 2014-03-17 12:07 - 00000000 ____D () C:\Windows\pss
2014-04-30 05:29 - 2014-04-30 05:25 - 00000000 ___SD () C:\Users\VenusDominique.Venus\Documents\My DocsToGo
2014-04-30 05:25 - 2014-04-30 05:25 - 00000800 _____ () C:\Users\Public\Desktop\My DocsToGo.lnk
2014-04-30 05:17 - 2014-04-30 05:17 - 00001210 _____ () C:\Users\Public\Desktop\Documents To Go Desktop for iOS.lnk
2014-04-30 05:15 - 2014-04-30 05:15 - 03200280 _____ () C:\Users\VenusDominique.Venus\Downloads\documentstogoiphn4.0001.010.exe
2014-04-29 17:15 - 2014-04-29 17:15 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\Mozart - Concerto pour piano  N°20
2014-04-29 16:52 - 2014-03-12 17:07 - 01687040 _____ () C:\Users\VenusDominique.Venus\Carte Thu.pub
2014-04-29 16:22 - 2014-04-29 16:22 - 00002903 _____ () C:\Users\VenusDominique.Venus\AppData\Local\recently-used.xbel
2014-04-29 16:22 - 2014-03-17 17:06 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Local\gtk-2.0
2014-04-29 16:06 - 2014-03-28 17:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 16:06 - 2014-01-06 08:32 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 16:06 - 2014-01-06 08:32 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 15:39 - 2014-04-28 18:07 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\Dominique
2014-04-29 15:36 - 2014-04-12 10:40 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\Cle avril 2014
2014-04-29 08:01 - 2009-07-14 09:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-29 08:01 - 2009-07-14 09:34 - 00000027 _____ () C:\Windows\System32\Drivers\etc\hosts_bak_875
2014-04-28 13:14 - 2014-04-28 08:43 - 00000000 ____D () C:\Users\VenusDominique.Venus\Downloads\Les gammes de la guitare 1.2.3  Philippe Ganter
2014-04-28 11:37 - 2014-04-28 11:37 - 00000000 ____D () C:\Users\VenusDominique.Venus\Downloads\AVS Video Converter .Vr. 5.92.148+ Crack
2014-04-28 08:43 - 2014-04-28 08:43 - 00055706 _____ () C:\Users\VenusDominique.Venus\Downloads\s-s0hfh517f26z6p1anc8m6rpkk4pee.torrent2.torrent2.torrent
2014-04-28 08:36 - 2014-04-28 08:36 - 00000000 ____D () C:\Extensions
2014-04-28 08:30 - 2013-07-12 09:59 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\FSX
2014-04-28 06:27 - 2012-08-20 10:00 - 00000000 ____D () C:\Program Files\BitComet
2014-04-28 06:25 - 2014-04-28 06:25 - 09471280 _____ () C:\Users\VenusDominique.Venus\Downloads\bitcomet_1-37_fr_12987_64.exe
2014-04-27 20:44 - 2014-04-27 20:43 - 05652608 _____ () C:\Users\VenusDominique.Venus\Downloads\sony_dsc.zip
2014-04-27 12:29 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-04-27 11:55 - 2014-04-27 11:55 - 03972608 _____ () C:\Users\VenusDominique.Venus\Downloads\RogueKiller.exe
2014-04-27 04:30 - 2014-04-26 17:51 - 00000000 ____D () C:\Users\VenusDominique.Venus\Desktop\mbar
2014-04-27 04:30 - 2014-04-26 17:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-26 22:47 - 2014-04-25 16:50 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-04-26 20:13 - 2014-04-26 20:13 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-04-25 16:51 - 2014-04-25 16:51 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-25 16:51 - 2014-04-25 16:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-25 16:51 - 2013-10-16 11:10 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\Malwarebytes
2014-04-25 16:51 - 2013-10-16 11:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-25 16:50 - 2010-07-11 06:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware old
2014-04-23 15:45 - 2009-07-14 12:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-23 10:08 - 2012-01-27 05:46 - 00000000 ____D () C:\Users\VenusDominique.Venus\AppData\Roaming\Adobe
2014-04-21 12:14 - 2009-07-14 09:34 - 00000855 _____ () C:\Windows\System32\Drivers\etc\hosts_bak_270
2014-04-21 08:50 - 2009-07-14 14:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-21 08:15 - 2013-05-29 09:23 - 00196608 _____ () C:\Windows\System32\Ikeext.etl
2014-04-21 08:10 - 2009-07-14 09:34 - 00000855 _____ () C:\Windows\System32\Drivers\etc\hosts_bak_528
2014-04-21 07:11 - 2014-04-21 07:11 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-VENUS-Microsoft-Windows-7-Professional-(64-bit).dat
2014-04-21 07:10 - 2014-04-21 07:10 - 00000000 ____D () C:\RegBackup
 
Some content of TEMP:
====================
C:\Users\VenusDominique.Venus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj_p5my.dll
C:\Users\VenusDominique.Venus\AppData\Local\Temp\Quarantine.exe
C:\Users\VenusDominique.Venus\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2014-05-14 21:06] - [2014-03-04 16:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-03-12 16:09:01
Restore point made on: 2014-03-12 16:13:42
Restore point made on: 2014-03-13 09:36:32
Restore point made on: 2014-03-16 20:06:08
Restore point made on: 2014-03-17 12:05:51
Restore point made on: 2014-03-17 12:34:49
Restore point made on: 2014-03-17 13:15:35
Restore point made on: 2014-03-17 13:21:30
Restore point made on: 2014-03-17 16:22:54
Restore point made on: 2014-03-18 21:23:16
Restore point made on: 2014-03-19 08:52:43
Restore point made on: 2014-03-20 10:25:57
Restore point made on: 2014-03-20 12:19:12
Restore point made on: 2014-03-20 16:55:18
Restore point made on: 2014-03-21 14:49:58
Restore point made on: 2014-03-23 19:06:21
Restore point made on: 2014-03-26 02:21:15
Restore point made on: 2014-03-26 11:36:57
Restore point made on: 2014-03-26 11:51:33
Restore point made on: 2014-03-28 17:20:43
Restore point made on: 2014-03-28 17:22:33
Restore point made on: 2014-03-29 02:25:25
Restore point made on: 2014-03-30 19:02:12
Restore point made on: 2014-04-05 03:35:10
Restore point made on: 2014-04-06 07:53:19
Restore point made on: 2014-04-06 08:17:37
Restore point made on: 2014-04-06 19:02:43
Restore point made on: 2014-04-07 15:10:41
Restore point made on: 2014-04-07 16:41:14
Restore point made on: 2014-04-09 11:18:31
Restore point made on: 2014-04-10 17:56:50
Restore point made on: 2014-04-13 19:01:44
Restore point made on: 2014-04-21 02:30:29
Restore point made on: 2014-04-21 07:10:40
Restore point made on: 2014-04-21 07:11:29
Restore point made on: 2014-04-21 11:09:49
Restore point made on: 2014-04-21 11:10:46
Restore point made on: 2014-04-26 18:10:03
Restore point made on: 2014-04-26 20:16:27
Restore point made on: 2014-04-26 20:18:09
Restore point made on: 2014-04-27 20:02:36
Restore point made on: 2014-04-28 09:39:49
Restore point made on: 2014-05-02 06:45:55
Restore point made on: 2014-05-04 09:04:09
Restore point made on: 2014-05-04 09:06:55
Restore point made on: 2014-05-08 17:31:53
Restore point made on: 2014-05-08 17:35:40
Restore point made on: 2014-05-10 14:11:33
Restore point made on: 2014-05-10 14:12:28
Restore point made on: 2014-05-14 02:45:29
Restore point made on: 2014-05-14 21:11:57
Restore point made on: 2014-05-15 08:58:00
 
==================== Memory info =========================== 
 
Percentage of memory in use: 88%
Total physical RAM: 4091.61 MB
Available physical RAM: 478.37 MB
Total Pagefile: 8181.4 MB
Available Pagefile: 2625.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (Tera 2 (xplane)) (Fixed) (Total:492.06 GB) (Free:78.83 GB) NTFS
Drive d: (Tera1) (Fixed) (Total:439.45 GB) (Free:77.2 GB) NTFS
Drive j: (Full Data) (Fixed) (Total:488.28 GB) (Free:151.6 GB) NTFS
Drive x: (old niew XP) (Fixed) (Total:250.98 GB) (Free:52.83 GB) NTFS
Drive y: (old XP) (Fixed) (Total:637.57 GB) (Free:192.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 9BCD9DBE)
Partition 1: (Not Active) - (Size=251 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=638 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=43 GB) - (Type=05)
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 97A2ABE2)
Partition 1: (Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-1037487307776) - (Type=05)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 251D2EA0)
Partition 1: (Not Active) - (Size=439 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=492 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 75 GB) (Disk ID: 859F9E4A)
Partition 1: (Not Active) - (Size=75 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2014-05-20 05:29
 
==================== End Of Log ============================


#12 Machiavelli

Posted 22 May 2014 - 09:16 AM

Let's try another tool.

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.

Download Mirror #1

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    mpsvc.dll
    winsock.*
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open OTL on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see the OTL console:
      • Click the box beside Scan All Users at the top of the console
      • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
      • Make sure the Output box at the top is set to Standard Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Make sure that Use Safe List is checked under Extra Registry.
      • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
      • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
      • Let the scan run uninterrupted.
      • When the scan completes, it will open OTL.Txt on the desktop.
      • Please copy the contents of these files and paste them into your reply. To do that:
        • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
        • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
      • Please do the same for the Extras.txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#13 domipj


Posted 22 May 2014 - 06:01 PM

I have got two files 

 

 

 


OTL logfile created on: 22.05.2014 22:14:46 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VenusDominique.Venus\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 0.29 Gb Available Physical Memory | 7.24% Memory free
7.99 Gb Paging File | 2.71 Gb Available in Paging File | 33.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 492.06 Gb Total Space | 76.51 Gb Free Space | 15.55% Space Free | Partition Type: NTFS
Drive D: | 439.45 Gb Total Space | 77.20 Gb Free Space | 17.57% Space Free | Partition Type: NTFS
Drive J: | 488.28 Gb Total Space | 151.60 Gb Free Space | 31.05% Space Free | Partition Type: NTFS
Drive X: | 250.98 Gb Total Space | 52.83 Gb Free Space | 21.05% Space Free | Partition Type: NTFS
Drive Y: | 637.57 Gb Total Space | 192.76 Gb Free Space | 30.23% Space Free | Partition Type: NTFS
 
Computer Name: VENUS | User Name: VenusDominique | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.05.22 22:10:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VenusDominique.Venus\Desktop\OTL.exe
PRC - [2014.05.22 21:59:00 | 001,091,912 | ---- | M] (Google Inc.) -- C:\Windows\Temp\CR_AD540.tmp\setup.exe
PRC - [2014.05.20 23:30:00 | 026,832,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\Install\{96C07939-7000-46C1-A8D7-CF120D106859}\35.0.1916.114_34.0.1847.137_chrome_updater.exe
PRC - [2014.05.09 05:51:47 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014.05.08 08:52:34 | 032,668,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\VenusDominique.Venus\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014.05.08 06:29:35 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014.04.25 16:56:12 | 012,971,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2014.04.25 16:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014.04.25 16:42:00 | 000,238,400 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2014.04.25 03:46:52 | 000,064,384 | ---- | M] (Google) -- C:\Users\VenusDominique.Venus\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014.04.11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014.04.11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014.04.03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014.03.17 12:15:06 | 029,919,576 | ---- | M] (ICQ) -- C:\Users\VenusDominique.Venus\AppData\Roaming\ICQM\icq.exe
PRC - [2014.03.06 03:05:05 | 000,936,456 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\Viber.exe
PRC - [2014.03.04 18:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014.02.15 20:23:10 | 004,330,432 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
PRC - [2014.02.15 20:23:10 | 004,163,584 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2014.02.05 16:32:47 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013.07.30 14:18:50 | 000,172,192 | ---- | M] (Fieldston Software) -- C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
PRC - [2012.12.21 16:04:20 | 001,352,024 | ---- | M] (LULU Software) -- C:\Program Files (x86)\Soda PDF 3D Reader\HelperService.exe
PRC - [2012.12.21 16:04:20 | 000,874,328 | ---- | M] (LULU Software) -- C:\Program Files (x86)\Soda PDF 3D Reader\ConversionService.exe
PRC - [2012.02.26 21:42:28 | 000,632,320 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
PRC - [2011.04.03 03:57:34 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft ISATAP Adapter\tunnel.exe
PRC - [2011.03.15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011.03.15 14:44:28 | 000,650,080 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.03.26 11:28:20 | 001,925,120 | ---- | M] (深圳市普联技术有限公司) -- C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.05.22 21:53:25 | 000,041,984 | ---- | M] () -- c:\users\venusd~1.ven\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6xcdo8.dll
MOD - [2014.05.14 21:16:26 | 000,785,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ee550c3d485d44c7fbeeafe12a3e318b\System.EnterpriseServices.ni.dll
MOD - [2014.05.14 21:16:26 | 000,250,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\ee550c3d485d44c7fbeeafe12a3e318b\System.EnterpriseServices.Wrapper.dll
MOD - [2014.05.08 06:29:33 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppgooglenaclpluginchrome.dll
MOD - [2014.05.08 06:29:32 | 013,695,816 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll
MOD - [2014.05.08 06:29:31 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll
MOD - [2014.05.08 06:29:27 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll
MOD - [2014.05.08 06:29:27 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll
MOD - [2014.05.08 06:29:26 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
MOD - [2014.05.08 06:29:24 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
MOD - [2014.03.17 12:14:58 | 000,857,944 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
MOD - [2014.03.06 03:05:05 | 000,936,456 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\Viber.exe
MOD - [2014.03.06 03:04:49 | 014,435,328 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\libViber.dll
MOD - [2014.03.06 02:44:49 | 000,092,160 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\qfacebook.dll
MOD - [2014.02.19 16:11:39 | 000,660,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\2053b0e14f1e64a5c5d6d1c4d01485a2\System.Transactions.ni.dll
MOD - [2014.02.19 16:11:25 | 010,869,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Design\d69841376cfa8b66b7152a571faef4e6\System.Design.ni.dll
MOD - [2014.02.19 16:11:15 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014.02.19 16:11:01 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014.02.19 16:10:48 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014.02.19 16:10:01 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014.02.19 16:10:00 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014.02.19 16:09:52 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014.02.19 16:09:49 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014.02.19 16:09:37 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014.02.12 02:29:20 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014.01.13 18:46:37 | 000,833,024 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\platforms\qwindows.dll
MOD - [2014.01.03 10:42:50 | 003,610,624 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013.10.19 06:55:02 | 025,100,288 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.08.30 20:17:10 | 000,218,624 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\imageformats\qmng.dll
MOD - [2013.08.30 20:17:08 | 000,275,456 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\imageformats\qtiff.dll
MOD - [2013.08.30 20:17:08 | 000,015,360 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\imageformats\qwbmp.dll
MOD - [2013.08.30 20:17:03 | 000,015,872 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\imageformats\qtga.dll
MOD - [2013.08.30 20:13:46 | 000,016,384 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\imageformats\qsvg.dll
MOD - [2013.08.30 20:13:40 | 000,027,136 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\iconengines\qsvgicon.dll
MOD - [2013.08.30 20:12:58 | 000,021,504 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\imageformats\qico.dll
MOD - [2013.08.30 20:12:57 | 000,022,016 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\imageformats\qgif.dll
MOD - [2013.08.30 20:12:51 | 000,205,312 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\imageformats\qjpeg.dll
MOD - [2013.08.30 20:12:45 | 000,620,032 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\sqldrivers\qsqlite.dll
MOD - [2013.08.30 20:08:06 | 000,048,128 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\libEGL.dll
MOD - [2013.08.30 20:08:03 | 000,729,088 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\Viber\4.1.0.1703\libGLESv2.dll
MOD - [2010.03.26 11:27:54 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\MFP and Storage Server\PSMDLL.dll
MOD - [2010.03.26 11:27:48 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\MFP and Storage Server\DCPDLL.dll
MOD - [2010.03.26 11:27:44 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\MFP and Storage Server\UNTPDLL.dll
MOD - [2010.03.26 11:27:42 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\TP-LINK\MFP and Storage Server\ESTLogDLL.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014.04.01 18:24:10 | 002,818,888 | ---- | M] (CybelSoft) [Auto | Running] -- C:\Program Files\ma-config.com\MaConfigAgent.exe -- (MaConfigAgent)
SRV:64bit: - [2014.03.06 15:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.02.05 16:32:24 | 016,941,856 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013.11.29 14:23:38 | 001,296,728 | ---- | M] (www.BitComet.com) [Disabled | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:64bit: - [2013.05.27 12:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 08:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.04.29 16:06:44 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.04.25 16:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014.04.11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014.04.11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014.04.04 13:13:19 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.04.03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.04.03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.03.04 18:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2014.02.15 20:23:10 | 004,163,584 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2014.02.05 16:32:34 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013.12.19 01:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.12.21 16:04:20 | 001,352,024 | ---- | M] (LULU Software) [Auto | Running] -- C:\Program Files (x86)\Soda PDF 3D Reader\HelperService.exe -- (Soda PDF 3D Reader Helper Service)
SRV - [2012.12.21 16:04:20 | 000,874,328 | ---- | M] (LULU Software) [Auto | Running] -- C:\Program Files (x86)\Soda PDF 3D Reader\ConversionService.exe -- (Soda PDF 3D Reader Service)
SRV - [2012.08.28 10:37:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.02.26 21:42:28 | 000,632,320 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2011.04.03 03:57:34 | 000,032,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft ISATAP Adapter\tunnel.exe -- (xtu)
SRV - [2011.03.15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.06.11 04:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.05.22 22:00:35 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014.04.03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014.02.24 17:33:46 | 000,017,568 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys -- (ma-config_amd64)
DRV:64bit: - [2014.02.18 19:48:28 | 000,901,848 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013.12.28 01:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013.11.28 20:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.10.17 22:32:57 | 000,016,376 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVMonitor.sys -- (MonitorFunction)
DRV:64bit: - [2013.10.17 22:32:56 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2013.10.02 19:33:19 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.10.02 09:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.07.24 22:02:55 | 000,034,816 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013.03.28 19:50:02 | 000,041,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eve.sys -- (Eve)
DRV:64bit: - [2013.03.04 19:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.23 21:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 13:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 13:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 13:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 20:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.07.29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010.07.16 07:45:42 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.10.06 11:11:38 | 000,199,168 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenHC.sys -- (EST_Server)
DRV:64bit: - [2009.10.06 11:11:30 | 000,029,696 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenBus.sys -- (EST_BusEnum)
DRV:64bit: - [2009.07.14 08:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 08:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 08:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 07:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.11 03:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.11 03:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.11 03:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.11 03:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.15 21:32:34 | 000,081,424 | ---- | M] (FarStone Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FVXSCSI.SYS -- (FVXSCSI)
DRV:64bit: - [2007.04.09 10:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV:64bit: - [2007.04.01 07:41:44 | 000,053,656 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsRamDsk.sys -- (fsRamDsk)
DRV:64bit: - [2007.03.02 13:48:42 | 000,021,784 | ---- | M] (FarStone Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FCDABUS.SYS -- (fcdabus)
DRV - [2014.05.12 15:51:32 | 000,071,472 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2014.05.12 15:51:30 | 000,023,088 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2013.09.30 19:30:09 | 000,057,024 | ---- | M] (Emsisoft GmbH) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys -- (cleanhlp)
DRV - [2013.09.01 12:53:01 | 000,045,208 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2013.03.28 00:46:19 | 000,026,176 | ---- | M] (Emsisoft GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009.07.14 08:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.11.02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WimFltr.sys -- (WimFltr)
DRV - [1998.05.08 00:00:00 | 000,000,111 | ---- | M] () [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\WINSOCK.SRG -- (Winsock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 83 C6 C9 7B 7E CD 01  [binary data]
IE - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005\..\SearchScopes\{DE072C65-4EFC-48FE-B3B7-134788CD02A6}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Skype Technologies S.A..com/Skype Web Plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin: C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@Skype Technologies S.A..com/Skype Web Plugin: C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\VenusDominique.Venus\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\VenusDominique.Venus\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\VenusDominique.Venus\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\VenusDominique.Venus\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.08.27 09:16:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014.04.04 13:13:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.04.04 13:13:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.08.27 09:16:04 | 000,000,000 | ---D | M]
 
[2014.01.05 14:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VenusDominique.Venus\AppData\Roaming\mozilla\Extensions
[2014.05.08 17:13:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VenusDominique.Venus\AppData\Roaming\mozilla\Firefox\Profiles\jksx81yt.default\extensions
[2014.04.28 06:26:59 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\VenusDominique.Venus\AppData\Roaming\mozilla\Firefox\Profiles\jksx81yt.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2014.03.09 19:16:01 | 000,000,000 | ---D | M] (DownSave) -- C:\Users\VenusDominique.Venus\AppData\Roaming\mozilla\Firefox\Profiles\jksx81yt.default\extensions\yi.uiia@fwr.org
[2014.01.08 02:34:43 | 000,248,650 | ---- | M] () (No name found) -- C:\Users\VenusDominique.Venus\AppData\Roaming\mozilla\firefox\profiles\jksx81yt.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi
[2014.05.08 17:13:24 | 000,293,729 | ---- | M] () (No name found) -- C:\Users\VenusDominique.Venus\AppData\Roaming\mozilla\firefox\profiles\jksx81yt.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2014.04.04 13:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014.04.04 13:13:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.04.04 13:13:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014.05.02 19:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014.04.04 13:13:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.11.03 13:59:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2012.06.28 22:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: google.fr (Enabled)
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.fr/
CHR - plugin: Error reading preferences file
CHR - Extension: Documents Google = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Dictanote - Speech Recognizer = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjekmpappghadlogpigifkghlmebjk\8_0\
CHR - Extension: Google Drive = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Twitter for Chrome = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdoinklelehcpndgmcddkkdhibpoglnk\2.2_0\
CHR - Extension: Recherche Google = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Facebook Customizer (by Adblock Plus) = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm\0.1_0\
CHR - Extension: Minuteur = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd\1.8.0.4_0\
CHR - Extension: Facebook Best Extension = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\eggpnlfecdiinfbanjaicjcohdlcdodi\1.3.1_0\
CHR - Extension: DownSave = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjgihljoeldiilhglmlemoiihpmmoif\5.2\
CHR - Extension: Video Downloader professional = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil\1.97.43_0\
CHR - Extension: Stylish = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2.2_0\
CHR - Extension: The QR Code Generator = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb\0.2.6_0\
CHR - Extension: Gantter for Google Drive = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\himomacamcpodhkahelbnmaddladgjgo\4.0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Facebook Cover Maker = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjibidejkfaggepnbcnobhinfpojlcmb\5.890_0\
CHR - Extension: Color For Facebook™ = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmnfmgelbcgoildddbgofpeofhjgipoi\1.1.0_0\
CHR - Extension: Facebook Couvre = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhddmephbaipdbkeombmgeeanoheckgk\2.5_0\
CHR - Extension: Google Wallet = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Deezer = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.2_1\
CHR - Extension: Picasa = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\
CHR - Extension: Instagram for Chrome = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\5.4.10_0\
CHR - Extension: Facebook Themes (Facebook Theme Gallery) = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\phejagnmddcjhjblnacgmejghffmhjfp\3.2.5_0\
CHR - Extension: Gmail = C:\Users\VenusDominique.Venus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014.05.11 04:37:10 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Soda PDF 3D Reader Helper) - {2FE0F895-6D1D-4c80-A20D-18E42DE9B631} - C:\Program Files (x86)\Soda PDF 3D Reader\PDFIEHelper.dll (LULU Software)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Soda PDF 3D Reader Toolbar) - {64C9D46E-8F8B-4158-9780-A6581C7439B1} - C:\Program Files (x86)\Soda PDF 3D Reader\PDFIEPlugin.dll (LULU Software)
O3 - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005..\Run: [AdobeBridge] C:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software)
O4 - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005..\Run: [icq] C:\Users\VenusDominique.Venus\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005..\Run: [MFP and Storage Server] C:\Program Files (x86)\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe (深圳市普联技术有限公司)
O4 - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005..\Run: [Viber] C:\Users\VenusDominique.Venus\AppData\Local\Viber\Viber.exe ()
O4 - Startup: C:\Users\VenusDominique.Venus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\VenusDominique.Venus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 5
O7 - HKU\S-1-5-21-3711420242-1791583040-2677181901-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_2_1_0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4228664-ED2C-4BA0-893D-02915763FECB}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.01.30 17:48:05 | 000,000,100 | ---- | M] () - X:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.05.22 22:10:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\VenusDominique.Venus\Desktop\OTL.exe
[2014.05.22 22:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014.05.20 03:59:52 | 000,000,000 | ---D | C] -- C:\FRST
[2014.05.20 03:57:27 | 002,067,456 | ---- | C] (Farbar) -- C:\Users\VenusDominique.Venus\Desktop\FRST64.exe
[2014.05.15 09:00:05 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.05.15 09:00:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.05.14 21:09:31 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.05.14 21:09:30 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.05.14 21:06:57 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014.05.14 21:06:55 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014.05.14 21:06:54 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014.05.14 21:06:54 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014.05.14 21:06:53 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014.05.14 21:06:52 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014.05.14 21:06:51 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014.05.14 21:06:51 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014.05.14 21:06:48 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014.05.14 21:06:48 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014.05.14 21:06:48 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014.05.14 21:06:48 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014.05.14 21:06:47 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014.05.14 21:06:47 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014.05.14 21:06:47 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014.05.14 21:06:47 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014.05.14 21:06:47 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014.05.14 21:06:47 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014.05.14 21:06:46 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014.05.14 21:06:45 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014.05.14 21:06:45 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014.05.14 21:06:44 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014.05.14 21:06:43 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014.05.12 15:29:29 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\VenusDominique.Venus\Desktop\TFC.exe
[2014.05.11 22:46:42 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014.05.11 05:47:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014.05.08 17:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up
[2014.05.08 17:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2014.05.08 17:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2014.05.08 12:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014.05.08 12:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer
[2014.05.08 12:28:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NT Registry Optimizer
[2014.05.05 09:21:50 | 000,000,000 | R--D | C] -- C:\VENUS
[2014.05.03 17:25:29 | 000,000,000 | ---D | C] -- C:\Users\VenusDominique.Venus\AppData\Roaming\DropboxMaster
[2014.05.02 17:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014.05.02 09:34:48 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014.05.01 17:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014.05.01 17:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014.04.30 17:22:53 | 000,000,000 | ---D | C] -- C:\Users\VenusDominique.Venus\Desktop\business cards
[2014.04.30 14:48:21 | 000,000,000 | ---D | C] -- C:\Users\VenusDominique.Venus\Desktop\USB Brigitte
[2014.04.30 09:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2014.04.30 09:50:36 | 000,000,000 | ---D | C] -- C:\Users\VenusDominique.Venus\AppData\Roaming\mIRC
[2014.04.30 09:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2014.04.30 05:25:48 | 000,000,000 | --SD | C] -- C:\Users\VenusDominique.Venus\Documents\My DocsToGo
[2014.04.30 05:03:51 | 000,000,000 | ---D | C] -- C:\Users\VenusDominique.Venus\AppData\Roaming\DocumentsToGoDesktop
[2014.04.30 05:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Documents To Go Desktop
[2014.04.30 05:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Documents To Go Desktop
[2014.04.30 04:52:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.04.29 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\VenusDominique.Venus\Desktop\Mozart - Concerto pour piano  N°20
[2014.04.28 18:07:38 | 000,000,000 | ---D | C] -- C:\Users\VenusDominique.Venus\Desktop\Dominique
[2014.04.28 09:40:31 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014.04.28 08:36:01 | 000,000,000 | ---D | C] -- C:\Extensions
[2014.04.27 12:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Server
[2014.04.26 20:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014.04.26 17:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014.04.26 17:51:05 | 000,000,000 | ---D | C] -- C:\Users\VenusDominique.Venus\Desktop\mbar
[2014.04.25 16:53:21 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.04.25 16:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.04.25 16:50:59 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.04.25 16:50:59 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.04.25 16:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[1998.04.27 05:00:00 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\DAO350.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014.05.22 22:14:17 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.05.22 22:10:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VenusDominique.Venus\Desktop\OTL.exe
[2014.05.22 22:06:22 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.05.22 22:00:46 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.22 22:00:46 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.22 22:00:35 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.22 21:51:41 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.05.22 21:48:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.22 21:48:01 | 3217,772,544 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.22 06:49:21 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3711420242-1791583040-2677181901-1005UA.job
[2014.05.21 22:05:33 | 000,786,598 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.21 22:05:33 | 000,653,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.21 22:05:33 | 000,119,230 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.20 03:57:20 | 002,067,456 | ---- | M] (Farbar) -- C:\Users\VenusDominique.Venus\Desktop\FRST64.exe
[2014.05.15 08:57:07 | 000,001,077 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.05.14 20:56:24 | 001,325,827 | ---- | M] () -- C:\Users\VenusDominique.Venus\Desktop\AdwCleaner (2).exe
[2014.05.14 19:51:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3711420242-1791583040-2677181901-1005Core.job
[2014.05.11 22:43:01 | 004,996,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.05.11 04:51:53 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014.05.11 04:37:10 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014.05.09 16:00:05 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Google Docs.lnk
[2014.05.09 16:00:04 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Google Slides.lnk
[2014.05.09 16:00:04 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Google Sheets.lnk
[2014.05.09 13:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014.05.09 13:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014.05.08 17:34:09 | 000,000,022 | ---- | M] () -- C:\Windows\Wininit.ini
[2014.05.08 14:10:19 | 000,003,744 | ---- | M] () -- C:\Windows\SysWow64\UpdateLog.GDZ
[2014.05.08 12:36:14 | 013,631,488 | -HS- | M] () -- C:\Users\VenusDominique.Venus\NTUSER.bak
[2014.05.08 12:34:37 | 000,002,178 | ---- | M] () -- C:\Users\VenusDominique.Venus\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014.05.08 12:28:36 | 000,001,027 | ---- | M] () -- C:\Users\VenusDominique.Venus\Desktop\NTREGOPT.lnk
[2014.05.06 10:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.05.06 09:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.05.05 09:21:50 | 000,000,528 | R--- | M] () -- C:\MediaID.bin
[2014.05.04 08:59:58 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\VenusDominique.Venus\Desktop\TFC.exe
[2014.04.30 09:50:37 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2014.04.30 05:25:50 | 000,000,800 | ---- | M] () -- C:\Users\Public\Desktop\My DocsToGo.lnk
[2014.04.30 05:17:58 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Documents To Go Desktop for iOS.lnk
[2014.04.29 16:52:57 | 001,687,040 | ---- | M] () -- C:\Users\VenusDominique.Venus\Carte Thu.pub
[2014.04.29 16:22:17 | 000,002,903 | ---- | M] () -- C:\Users\VenusDominique.Venus\AppData\Local\recently-used.xbel
[2014.04.29 16:06:43 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.04.29 16:06:42 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.04.29 08:01:05 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_875
[2014.04.26 22:47:59 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.04.25 16:51:04 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014.05.15 08:57:07 | 000,001,077 | ---- | C] () -- C:\Users\VenusDominique.Venus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.05.14 20:56:35 | 001,325,827 | ---- | C] () -- C:\Users\VenusDominique.Venus\Desktop\AdwCleaner (2).exe
[2014.05.13 17:40:16 | 000,001,388 | ---- | C] () -- C:\Users\VenusDominique.Venus\Desktop\CD1.cue
[2014.05.08 17:36:43 | 000,002,921 | ---- | C] () -- C:\Users\VenusDominique.Venus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2014.05.08 17:34:09 | 000,000,022 | ---- | C] () -- C:\Windows\Wininit.ini
[2014.05.08 14:32:59 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014.05.08 12:34:37 | 000,002,178 | ---- | C] () -- C:\Users\VenusDominique.Venus\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014.05.08 12:28:36 | 000,001,027 | ---- | C] () -- C:\Users\VenusDominique.Venus\Desktop\NTREGOPT.lnk
[2014.05.05 09:21:50 | 000,000,528 | R--- | C] () -- C:\MediaID.bin
[2014.04.30 09:50:37 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2014.04.30 05:25:50 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\My DocsToGo.lnk
[2014.04.30 05:17:58 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Documents To Go Desktop for iOS.lnk
[2014.04.29 16:22:17 | 000,002,903 | ---- | C] () -- C:\Users\VenusDominique.Venus\AppData\Local\recently-used.xbel
[2014.04.25 16:51:04 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.04.21 07:11:53 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-VENUS-Microsoft-Windows-7-Professional-(64-bit).dat
[2014.04.09 14:56:43 | 000,007,605 | ---- | C] () -- C:\Users\VenusDominique.Venus\AppData\Local\Resmon.ResmonCfg
[2014.03.12 17:07:39 | 001,687,040 | ---- | C] () -- C:\Users\VenusDominique.Venus\Carte Thu.pub
[2014.03.10 08:11:31 | 000,000,587 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2013.12.08 08:29:19 | 000,032,256 | -HS- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.07.18 08:23:19 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2013.03.31 03:56:29 | 000,770,464 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.08 17:43:19 | 000,024,576 | ---- | C] () -- C:\Users\VenusDominique.Venus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.30 06:12:11 | 000,000,000 | ---- | C] () -- C:\Windows\creationsDVD-Films4.INI
[2012.12.29 07:54:17 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll
[2012.12.29 07:53:53 | 000,000,052 | ---- | C] () -- C:\Windows\videodeLuxe.INI
[2012.12.29 07:36:54 | 000,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.10.29 13:17:18 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\Msvcrt10.dll
[2012.09.01 08:09:35 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.09.01 08:09:35 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.09.01 08:09:35 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012.09.01 08:09:33 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.09.01 08:09:22 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.08.27 15:28:38 | 000,038,462 | ---- | C] () -- C:\Users\VenusDominique.Venus\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012.08.27 13:15:58 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.08.27 13:15:58 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.08.27 09:39:59 | 000,245,927 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.08.27 09:39:59 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012.08.27 09:31:24 | 000,038,497 | ---- | C] () -- C:\Users\VenusDominique.Venus\AppData\Local\Comma Separated Values (Windows).ADR
[2012.08.27 09:07:04 | 000,251,606 | ---- | C] () -- C:\Windows\hpwins25.dat
[2012.08.27 09:07:04 | 000,000,530 | ---- | C] () -- C:\Windows\hpwmdl25.dat
[2012.08.27 05:58:50 | 000,000,143 | ---- | C] () -- C:\Users\VenusDominique.Venus\AppData\Roaming\fusioncache.dat
[2012.08.27 05:58:50 | 000,000,080 | ---- | C] () -- C:\Users\VenusDominique.Venus\AppData\Roaming\X-Plane Installer.prf
[2012.08.27 05:58:50 | 000,000,015 | ---- | C] () -- C:\Users\VenusDominique.Venus\AppData\Roaming\X-Plane_drm.prf
[2012.02.20 09:28:58 | 000,000,073 | ---- | C] () -- C:\Users\VenusDominique.Venus\AppData\Local\X-Plane_drm.prf
[2012.01.29 07:14:47 | 000,000,080 | ---- | C] () -- C:\Users\VenusDominique.Venus\AppData\Local\X-Plane Installer.prf
[2012.01.26 19:34:13 | 013,631,488 | -HS- | C] () -- C:\Users\VenusDominique.Venus\NTUSER.bak
[2011.06.05 05:05:02 | 000,606,208 | ---- | C] () -- C:\Program Files (x86)\Remote_Panel.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 11:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 09:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 09:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 08:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010.11.20 19:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 08:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.28 09:15:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Venus\AppData\Roaming\EurekaLog
[2013.10.06 10:50:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Venus\AppData\Roaming\FarStone
[2013.10.06 10:50:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Venus\AppData\Roaming\Genie-soft
[2013.01.28 09:15:49 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\EurekaLog
[2013.01.28 09:15:49 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\EurekaLog
[2013.12.25 10:48:20 | 000,000,000 | ---D | M] -- C:\Users\VenusBrigitte\AppData\Roaming\APP_NAME_NON_STRING
[2013.12.25 10:37:18 | 000,000,000 | ---D | M] -- C:\Users\VenusBrigitte\AppData\Roaming\Digiarty
[2012.01.26 18:46:40 | 000,000,000 | ---D | M] -- C:\Users\VenusBrigitte\AppData\Roaming\FarStone
[2013.12.25 10:36:59 | 000,000,000 | ---D | M] -- C:\Users\VenusBrigitte\AppData\Roaming\Genie-soft
[2013.12.25 10:36:51 | 000,000,000 | ---D | M] -- C:\Users\VenusBrigitte\AppData\Roaming\MFP and Storage Server
[2014.01.04 10:34:13 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\abelhadigital.com
[2012.08.27 06:12:49 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\ACD Systems
[2013.03.31 04:13:00 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\ACTPrinter
[2012.08.27 05:58:50 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\AirMouse
[2012.08.27 05:58:51 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\ApplicationHistory
[2013.05.12 15:30:10 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\APP_NAME_NON_STRING
[2012.08.27 05:58:57 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\Autodesk
[2014.05.22 22:00:23 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\BitComet
[2012.12.03 21:22:53 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\COWON
[2012.12.03 19:07:05 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\Digiarty
[2014.04.30 05:25:48 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\DocumentsToGoDesktop
[2012.08.27 05:56:53 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\Downloaded Installations
[2011.12.20 16:49:48 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\DrmRemoval
[2014.05.22 21:55:12 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\Dropbox
[2014.05.03 17:25:35 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\DropboxMaster
[2012.01.26 19:34:37 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\FarStone
[2014.05.20 09:13:04 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\FileAdvisor
[2014.04.10 17:34:32 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\FileZilla
[2012.08.25 08:43:25 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\Genie-Soft
[2014.05.01 17:26:46 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\gSyncit
[2012.08.27 05:58:00 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\Hobbyist_Software
[2013.03.31 03:52:51 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\Houdah Software
[2014.03.27 20:45:47 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\ICQ-Profile
[2014.03.17 12:15:06 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\ICQM
[2012.08.27 19:21:20 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\iFunbox_UserCache
[2013.07.10 10:36:50 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\IncomingFiles
[2012.08.27 05:58:02 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\IsolatedStorage
[2013.12.18 09:10:45 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\libimobiledevice
[2013.07.18 08:51:43 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\MAGIX
[2013.07.12 10:23:37 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\MediaMonkey
[2012.09.04 17:19:41 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\MFP and Storage Server
[2012.11.25 09:29:17 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\Naturosoft
[2012.12.10 15:23:08 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\OpenOffice.org
[2012.08.27 05:58:42 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\Opera
[2012.08.27 05:58:42 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\PCHealth
[2013.05.12 16:38:20 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\PDF Software
[2014.03.17 15:50:23 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\PhotoFiltre
[2014.03.17 17:19:17 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\PhotoScape
[2012.08.27 05:58:43 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\RADIO_USA
[2014.03.05 19:40:40 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\redsn0w
[2013.12.18 11:00:50 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\Reincubate
[2014.03.10 08:11:39 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\ScanSoft
[2014.03.06 09:49:58 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\Softplicity
[2013.07.23 04:19:44 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\Sony
[2014.03.18 17:16:44 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2014.02.14 10:17:22 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\TeamViewer
[2014.05.08 20:02:50 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\TeamViewer Manager
[2012.08.27 05:58:44 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\Temp
[2013.07.10 10:36:50 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\TunesNINJA
[2014.05.22 21:54:50 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\ViberPC
[2013.12.05 18:13:50 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\VideoStream
[2012.08.27 09:42:18 | 000,000,000 | ---D | M] -- C:\Users\VenusDominique.Venus\AppData\Roaming\{BB3E1258-9A73-4A91-BE1F-249B31DCD5EF}
[2013.01.28 09:15:49 | 000,000,000 | ---D | M] -- C:\Users\VenusThu\AppData\Roaming\EurekaLog
[2013.12.06 15:31:34 | 000,000,000 | ---D | M] -- C:\Users\VenusThu\AppData\Roaming\FarStone
[2013.12.06 15:31:34 | 000,000,000 | ---D | M] -- C:\Users\VenusThu\AppData\Roaming\Genie-soft
 
========== Purity Check ==========

========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009.07.14 08:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013.02.27 12:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009.07.14 08:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010.11.20 20:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010.11.20 20:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014.04.12 09:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009.07.14 08:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009.07.14 08:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012.07.05 05:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013.07.09 12:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013.07.09 11:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010.11.20 20:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010.11.20 20:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010.11.20 19:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011.03.03 13:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009.07.14 08:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009.07.14 08:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009.07.14 08:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009.07.14 08:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010.11.20 20:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009.07.14 08:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009.07.14 08:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009.07.14 08:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009.07.14 08:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009.07.14 08:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012.10.04 00:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009.07.14 08:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011.05.24 18:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012.02.11 13:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2014.04.12 09:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009.07.14 08:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010.11.20 20:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010.11.20 20:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010.11.20 20:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2014.04.12 09:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009.07.14 08:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010.11.20 20:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010.11.20 20:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010.11.20 19:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010.11.20 20:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010.11.20 20:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010.11.20 19:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009.07.14 08:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012.05.01 12:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010.11.20 20:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010.11.20 20:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010.11.20 20:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010.11.20 20:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013.05.27 12:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010.11.20 20:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010.11.20 20:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010.11.20 20:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010.11.20 20:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010.11.20 19:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009.07.14 08:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012.06.03 05:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010.11.20 20:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009.07.14 08:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010.11.20 20:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 13:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 12:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 08:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 12:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 12:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Users\Public\SysWOW64\explorer.exe
[2009.10.31 12:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 12:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 13:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 13:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 13:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 13:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 19:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 13:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 12:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 12:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 13:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 12:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 20:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 13:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 12:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 08:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 13:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 13:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 13:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: MPSVC.DLL  >
[2013.05.27 12:26:41 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7B6CD2C784B13D63481B6BF49605C026 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpSvc.dll
[2013.05.27 12:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Program Files\Windows Defender\MpSvc.dll
[2013.05.27 12:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpSvc.dll
[2013.05.27 12:56:38 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=93B9D9FABBED612F71527E52E1D1EE93 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_b46d38ce8ad8e4ed\MpSvc.dll
[2009.07.14 08:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_b3b1a27171e01f6c\MpSvc.dll
[2009.07.14 08:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
[2013.05.27 12:25:24 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=F7DE0DDAC48EEE6DD48A9EB33F6E672D -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_b3fe3b6771a68ecd\MpSvc.dll
 
< MD5 for: QMGR.DLL  >
[2010.11.20 20:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
[2010.11.20 20:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010.11.20 20:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009.07.14 08:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll
 
< MD5 for: RPCSS.DLL  >
[2010.11.20 20:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\erdnt\cache64\rpcss.dll
[2010.11.20 20:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010.11.20 20:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2009.07.14 08:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) MD5=7266972E86890E2B30C0C322E906B027 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
 
< MD5 for: SERVICES  >
[2009.06.11 04:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.ASFX  >
[2013.12.19 01:42:48 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx
 
< MD5 for: SERVICES.ASFX18  >
[2011.06.06 12:55:32 | 000,000,639 | R--- | M] () MD5=ACB64CA3772E9660F72E9E4A6ABF595C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B744AA0100000010\10.1.0\services.asfx18
 
< MD5 for: SERVICES.CFG  >
[2013.12.19 01:42:40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011.06.06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA76301B744AA0100000010\10.1.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009.07.14 08:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009.07.14 08:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 08:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009.07.14 09:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009.07.14 09:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009.07.14 11:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009.07.14 11:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< dir "%systemdrive%\*" /S /A:L /C >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1337 bytes -> C:\Users\VenusDominique.Venus\Documents\Maynoname.eml:OECustomProperty
 
< End of report >
 


#14 Machiavelli


Posted 23 May 2014 - 06:59 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: OTL QuickScan

  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on OTL.exe and select Run as Administrator.)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Edited by Machiavelli, 23 May 2014 - 06:59 AM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#15 domipj


Posted 23 May 2014 - 07:42 PM

Report adwcleaner

 

# AdwCleaner v3.210 - Report created 24/05/2014 at 07:34:44
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : VenusDominique - VENUS
# Running from : C:\Users\VenusDominique.Venus\Desktop\AdwCleaner (3).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v28.0 (fr)
 
-\\ Google Chrome v35.0.1916.114
 
*************************
 
AdwCleaner[R10].txt - [1659 octets] - [17/03/2014 13:24:14]
AdwCleaner[R11].txt - [1073 octets] - [19/03/2014 11:08:44]
AdwCleaner[R12].txt - [1986 octets] - [17/04/2014 11:06:18]
AdwCleaner[R13].txt - [1828 octets] - [02/05/2014 09:33:01]
AdwCleaner[R14].txt - [1396 octets] - [04/05/2014 11:32:33]
AdwCleaner[R15].txt - [1463 octets] - [12/05/2014 11:29:04]
AdwCleaner[R16].txt - [1583 octets] - [14/05/2014 20:57:23]
AdwCleaner[R17].txt - [1832 octets] - [24/05/2014 07:30:47]
AdwCleaner[R9].txt - [837 octets] - [03/03/2014 20:11:12]
AdwCleaner[S10].txt - [1737 octets] - [17/03/2014 13:27:07]
AdwCleaner[S11].txt - [1138 octets] - [19/03/2014 11:32:27]
AdwCleaner[S12].txt - [2064 octets] - [17/04/2014 11:08:21]
AdwCleaner[S13].txt - [1844 octets] - [02/05/2014 16:11:44]
AdwCleaner[S14].txt - [1526 octets] - [12/05/2014 13:16:45]
AdwCleaner[S15].txt - [1646 octets] - [14/05/2014 21:23:38]
AdwCleaner[S16].txt - [1637 octets] - [24/05/2014 07:34:44]
AdwCleaner[S8].txt - [2614 octets] - [18/02/2014 06:07:11]
AdwCleaner[S9].txt - [899 octets] - [03/03/2014 20:16:46]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S16].txt - [1817 octets] ##########




