Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

need help with vaudix and shop browser via OTL


  • This topic is locked This topic is locked
5 replies to this topic

#1 Camiros

Camiros

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 17 January 2015 - 06:01 PM

Hey guys. redoing the post for the third time, dunno why didnt accept at first...
 
so, here is the OTL report, also have a hitmanpro log if you need. i tried following the steps from there but blocked at post #17.
 
Computer slow, never formated it, got it since 2011. i have found i have vaudix and browser shop. tried almost everything, control panel and google chrome extension page, but keeps on coming back in the extesion page and is absent from the control panel page. need help to take it out, even though the problem doesnt seem to be there anymore. i would like those files out of my computer. Please, help me out !
 
as for hitmanpro log, i can repost it if needed. thx for you help guys !
 
 
 
 
 
OTL logfile created on: 17/01/2015 17:09:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jean-Charles\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 0000040c | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd
 
3,91 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 28,16% Memory free
7,83 Gb Paging File | 4,21 Gb Available in Paging File | 53,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 28,26 Gb Free Space | 11,85% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 241,30 Gb Free Space | 72,53% Space Free | Partition Type: NTFS
 
Computer Name: JC-PC | User Name: Jean-Charles | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/17 17:08:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jean-Charles\Downloads\OTL.exe
PRC - [2014/12/13 14:43:06 | 001,676,344 | ---- | M] (Spotify Ltd) -- C:\Users\Jean-Charles\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/12/08 22:45:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/11/21 13:20:38 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/11/21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/10/21 17:52:24 | 022,869,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014/10/17 15:24:20 | 000,043,816 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2014/10/11 12:05:40 | 000,060,712 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/10/13 12:00:53 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/04/10 08:09:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/09 18:16:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/07 23:26:24 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
PRC - [2011/03/25 19:55:16 | 000,091,464 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe
PRC - [2011/03/13 12:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/01/25 13:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/11/15 10:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010/10/07 16:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/23 18:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/08/20 09:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010/08/17 16:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/07/10 00:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/06/19 12:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007/11/30 13:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/01/17 15:58:39 | 000,043,008 | ---- | M] () -- c:\users\jean-c~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmiufzu.dll
MOD - [2015/01/17 15:56:37 | 001,160,704 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\_ssl.pyd
MOD - [2015/01/17 15:56:37 | 000,805,888 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\wx._gdi_.pyd
MOD - [2015/01/17 15:56:37 | 000,713,216 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\_hashlib.pyd
MOD - [2015/01/17 15:56:37 | 000,110,080 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\pywintypes27.dll
MOD - [2015/01/17 15:56:37 | 000,027,136 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\_multiprocessing.pyd
MOD - [2015/01/17 15:56:37 | 000,007,168 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\hashobjs_ext.pyd
MOD - [2015/01/17 15:56:36 | 001,062,400 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\wx._controls_.pyd
MOD - [2015/01/17 15:56:36 | 000,811,008 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\wx._windows_.pyd
MOD - [2015/01/17 15:56:36 | 000,686,080 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\unicodedata.pyd
MOD - [2015/01/17 15:56:36 | 000,127,488 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\pyexpat.pyd
MOD - [2015/01/17 15:56:36 | 000,070,656 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\wx._html2.pyd
MOD - [2015/01/17 15:56:36 | 000,038,912 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\win32inet.pyd
MOD - [2015/01/17 15:56:36 | 000,025,600 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\win32pdh.pyd
MOD - [2015/01/17 15:56:36 | 000,024,064 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\win32pipe.pyd
MOD - [2015/01/17 15:56:36 | 000,018,432 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\win32event.pyd
MOD - [2015/01/17 15:56:36 | 000,010,240 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\select.pyd
MOD - [2015/01/17 15:56:35 | 000,525,640 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\windows._lib_cacheinvalidation.pyd
MOD - [2015/01/17 15:56:35 | 000,167,936 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\win32gui.pyd
MOD - [2015/01/17 15:56:35 | 000,119,808 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\win32file.pyd
MOD - [2015/01/17 15:56:35 | 000,108,544 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\win32security.pyd
MOD - [2015/01/17 15:56:35 | 000,045,568 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\_socket.pyd
MOD - [2015/01/17 15:56:35 | 000,017,408 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\win32profile.pyd
MOD - [2015/01/17 15:56:34 | 000,128,512 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\_elementtree.pyd
MOD - [2015/01/17 15:56:34 | 000,098,816 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\win32api.pyd
MOD - [2015/01/17 15:56:34 | 000,087,552 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\_ctypes.pyd
MOD - [2015/01/17 15:56:33 | 001,175,040 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\wx._core_.pyd
MOD - [2015/01/17 15:56:33 | 000,735,232 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\wx._misc_.pyd
MOD - [2015/01/17 15:56:33 | 000,557,056 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\pysqlite2._sqlite.pyd
MOD - [2015/01/17 15:56:33 | 000,364,544 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\pythoncom27.dll
MOD - [2015/01/17 15:56:33 | 000,320,512 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\win32com.shell.shell.pyd
MOD - [2015/01/17 15:56:33 | 000,122,368 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\wx._wizard.pyd
MOD - [2015/01/17 15:56:33 | 000,078,336 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\wx._animate.pyd
MOD - [2015/01/17 15:56:33 | 000,022,528 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\win32ts.pyd
MOD - [2015/01/17 15:56:33 | 000,011,264 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\win32crypt.pyd
MOD - [2015/01/17 15:56:32 | 000,035,840 | ---- | M] () -- C:\Users\JEAN-C~1\AppData\Local\Temp\_MEI8882\win32process.pyd
MOD - [2014/12/05 20:50:51 | 014,913,352 | ---- | M] () -- C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/10/21 19:22:50 | 000,750,080 | ---- | M] () -- C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2014/10/21 19:22:50 | 000,047,616 | ---- | M] () -- C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2014/10/21 19:22:48 | 000,863,744 | ---- | M] () -- C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2014/10/21 19:22:46 | 000,200,704 | ---- | M] () -- C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/04/09 18:16:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/04/07 23:26:24 | 000,045,448 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe
MOD - [2011/01/18 13:21:56 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
MOD - [2010/09/23 18:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010/08/20 09:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010/08/20 09:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007/11/30 13:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/24 17:50:50 | 000,357,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2011/01/25 16:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2015/01/17 16:08:23 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/11/21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/11/18 15:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/04/10 08:09:30 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/04/09 18:16:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/03/25 19:55:16 | 000,091,464 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)
SRV - [2011/03/13 12:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/03/13 12:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/17 16:18:07 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2015/01/17 16:17:43 | 000,043,664 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/03/18 19:24:40 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2014/03/18 19:24:38 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2014/03/18 19:24:36 | 000,013,080 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2014/03/18 19:24:34 | 000,077,592 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013/07/25 16:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2013/06/02 04:56:58 | 000,031,920 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/07 10:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/04/09 18:16:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/13 12:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/03/13 12:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/03/13 12:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/03/13 12:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/03/13 12:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/03/13 12:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/03/13 12:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 19:59:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/01/26 19:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 08:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/05 10:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/08 05:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/21 11:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/24 04:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/04/28 11:59:16 | 000,027,264 | ---- | M] (ASUS Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\assd.sys -- (assd)
DRV:64bit: - [2009/07/20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/07/26 15:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jean-Charles\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jean-Charles\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jean-Charles\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jean-Charles\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/07/14 17:56:12 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Exent® AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jean-Charles\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jean-Charles\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - default_search_provider: 814E56D3ABBC4D9B5E306DBE8C0E6BCDE81F43736233C8328C0F1828513ADCC5 (Enabled)
CHR - default_search_provider: search_url = A1CA27B79C0AE14C0F78B1F1075603BF05E16E4D6F20C35A8F719D4B933A1CE7
CHR - default_search_provider: suggest_url = 
CHR - homepage: 4052F8A1943A58FC748202424C47060186A4FE89977057E7DB9351F7A84986A6
CHR - Extension: Radio = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh\1.0.56_0\
CHR - Extension: Google Drive = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pool = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb\1.0.4_0\
CHR - Extension: Recherche Google = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Full Screen Weather = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: MagicScroll eBook Reader = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0\
CHR - Extension: AdBlock = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.15_0\
CHR - Extension: Vinja.TV = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\kclhlebecbkbjcdkgpleaokgndndhbgc\1.9.7_0\
CHR - Extension: Until AM Web App = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.204_0\
CHR - Extension: Application Launcher for Drive (by Google) = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: Need for Speed World = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk\1.0.0.4_0\
CHR - Extension: Google Wallet = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Radio = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh\1.0.56_0\
CHR - Extension: Google Drive = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pool = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb\1.0.4_0\
CHR - Extension: Recherche Google = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Full Screen Weather = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: MagicScroll eBook Reader = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0\
CHR - Extension: AdBlock = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.15_0\
CHR - Extension: Vinja.TV = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\kclhlebecbkbjcdkgpleaokgndndhbgc\1.9.7_0\
CHR - Extension: Until AM Web App = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.204_0\
CHR - Extension: Application Launcher for Drive (by Google) = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: Need for Speed World = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk\1.0.0.4_0\
CHR - Extension: Google Wallet = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jean-Charles\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Power2GoExpress]  File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Jean-Charles\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Jean-Charles\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Jean-Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jean-Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.151.67.6 205.151.67.34 205.151.67.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D2FAF67-1CAB-4037-A89A-DC2299783CEF}: DhcpNameServer = 205.151.67.6 205.151.67.34 205.151.67.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D197F68-0387-40FA-9309-A53B49C91A07}: DhcpNameServer = 132.208.250.1 132.208.250.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77D4F872-E532-4ECF-B9B1-0A96C4162B88}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5c064ca1-5568-11e1-81d3-742f68d458e0}\Shell - "" = AutoRun
O33 - MountPoints2\{5c064ca1-5568-11e1-81d3-742f68d458e0}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/17 16:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2015/01/17 13:45:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/29 19:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screenshot
[2014/12/29 19:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ViaUdiix
[2014/12/29 19:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vaaudiix
[2014/12/29 19:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ccgimhggfhidnpjjlgedpogbkojiccdj
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/17 17:09:30 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/17 17:07:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1004UA.job
[2015/01/17 16:59:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001UA.job
[2015/01/17 16:28:07 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/17 16:20:20 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/17 16:20:20 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/17 16:18:07 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/01/17 16:17:43 | 000,043,664 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2015/01/17 15:55:41 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/17 15:55:00 | 000,409,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/01/17 15:54:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/17 15:54:40 | 3152,138,240 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/17 14:28:01 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001UA.job
[2015/01/17 14:07:47 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2015/01/17 14:03:43 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001Core.job
[2015/01/17 13:44:47 | 002,186,752 | ---- | M] () -- C:\Users\Jean-Charles\Desktop\adwcleaner_4.108.exe
[2015/01/17 13:00:04 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1004Core.job
[2015/01/16 23:28:02 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001Core.job
[2015/01/04 17:35:21 | 001,700,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/01/04 17:35:21 | 000,759,322 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2015/01/04 17:35:21 | 000,665,892 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/01/04 17:35:21 | 000,154,154 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2015/01/04 17:35:21 | 000,126,104 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2015/01/17 16:17:43 | 000,043,664 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2015/01/17 13:44:29 | 002,186,752 | ---- | C] () -- C:\Users\Jean-Charles\Desktop\adwcleaner_4.108.exe
[2014/03/18 17:35:50 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014/03/04 14:30:47 | 001,675,484 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/12 22:45:02 | 000,003,584 | ---- | C] () -- C:\Users\Jean-Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/08/02 23:34:56 | 000,000,000 | ---D | M] -- C:\Users\Jean-Charles\AppData\Roaming\.minecraft
[2012/02/12 06:57:41 | 000,000,000 | ---D | M] -- C:\Users\Jean-Charles\AppData\Roaming\ASUS WebStorage
[2014/03/04 22:16:03 | 000,000,000 | ---D | M] -- C:\Users\Jean-Charles\AppData\Roaming\Battle.net
[2015/01/16 23:21:02 | 000,000,000 | ---D | M] -- C:\Users\Jean-Charles\AppData\Roaming\BitTorrent
[2015/01/17 15:59:00 | 000,000,000 | ---D | M] -- C:\Users\Jean-Charles\AppData\Roaming\Dropbox
[2014/04/16 20:27:28 | 000,000,000 | ---D | M] -- C:\Users\Jean-Charles\AppData\Roaming\Leadertech
[2012/02/12 06:45:13 | 000,000,000 | ---D | M] -- C:\Users\Jean-Charles\AppData\Roaming\Nuance
[2012/03/16 22:00:09 | 000,000,000 | ---D | M] -- C:\Users\Jean-Charles\AppData\Roaming\PlayFirst
[2015/01/17 16:18:23 | 000,000,000 | ---D | M] -- C:\Users\Jean-Charles\AppData\Roaming\Spotify
[2015/01/05 23:06:59 | 000,000,000 | ---D | M] -- C:\Users\Jean-Charles\AppData\Roaming\TS3Client
[2012/02/15 12:30:53 | 000,000,000 | ---D | M] -- C:\Users\Jean-Charles\AppData\Roaming\Unity
[2012/02/16 22:10:13 | 000,000,000 | ---D | M] -- C:\Users\Jean-Charles\AppData\Roaming\Windows Live Writer
[2012/02/12 06:45:10 | 000,000,000 | ---D | M] -- C:\Users\Jean-Charles\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
< End of report >
 


BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:11 AM

Posted 17 January 2015 - 11:53 PM

Hello Camiros,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic.I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

      
  • Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.

 

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Camiros

Camiros
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 18 January 2015 - 03:30 PM

thx for your help and time. ADWcleaner was already done before posting here. here what came out. i wil 

 

# AdwCleaner v4.108 - Rapport créé le 17/01/2015 à 14:03:44
# Mis à jour le 17/01/2015 par Xplode
# Database : 2015-01-13.2 [Live]
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Jean-Charles - JC-PC
# Exécuté depuis : C:\Users\Jean-Charles\Downloads\adwcleaner_4.108.exe
# Option : Nettoyer
 
***** [ Services ] *****
 
 
***** [ Fichiers / Dossiers ] *****
 
Dossier Supprimé : C:\ProgramData\Ask
Dossier Supprimé : C:\ProgramData\Partner
Dossier Supprimé : C:\ProgramData\Premium
Dossier Supprimé : C:\ProgramData\1868085439718007238
Dossier Supprimé : C:\Program Files (x86)\DeltaFix
Dossier Supprimé : C:\Users\Jean-Charles\AppData\Local\CrashRpt
Fichier Supprimé : C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Fichier Supprimé : C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Fichier Supprimé : C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Fichier Supprimé : C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Fichier Supprimé : C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Fichier Supprimé : C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Fichier Supprimé : C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
 
***** [ Tâches planifiées ] *****
 
 
***** [ Raccourcis ] *****
 
 
***** [ Registre ] *****
 
Clé Supprimée : HKLM\SOFTWARE\Classes\Vaudix.Vaudix
Clé Supprimée : HKLM\SOFTWARE\Classes\Vaudix.Vaudix.9
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{9de3bf7b-d66d-4aaa-9914-c6ece6ed8472}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{c7428575-97d4-4153-852f-da47c7c04c32}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9de3bf7b-d66d-4aaa-9914-c6ece6ed8472}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7428575-97d4-4153-852f-da47c7c04c32}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9de3bf7b-d66d-4aaa-9914-c6ece6ed8472}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c7428575-97d4-4153-852f-da47c7c04c32}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{9de3bf7b-d66d-4aaa-9914-c6ece6ed8472}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{c7428575-97d4-4153-852f-da47c7c04c32}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9de3bf7b-d66d-4aaa-9914-c6ece6ed8472}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7428575-97d4-4153-852f-da47c7c04c32}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AF64C8F2-2C10-474C-A9CA-078D12906AF3}
Clé Supprimée : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Clé Supprimée : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Clé Supprimée : HKLM\SOFTWARE\Conduit
Clé Supprimée : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
 
***** [ Navigateurs ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v
 
 
*************************
 
AdwCleaner[R0].txt - [5887 octets] - [17/01/2015 13:45:15]
AdwCleaner[S0].txt - [5563 octets] - [17/01/2015 14:03:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5623 octets] ##########
 
 
Here is the other log you wanted : 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by Jean-Charles (administrator) on JC-PC on 18-01-2015 15:27:57
Running from C:\Users\Jean-Charles\Downloads
Loaded Profiles: UpdatusUser & Jean-Charles (Available profiles: UpdatusUser & Jean-Charles & Invité)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google Inc.) C:\Users\Jean-Charles\AppData\Local\Google\Update\GoogleUpdate.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Facebook Inc.) C:\Users\Jean-Charles\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Jean-Charles\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Malwarebytes Corporation) D:\Malwarebytes Anti-Malware\mbam.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dropbox, Inc.) C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Google Inc.) C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Google Inc.) C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-01] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-04-07] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2629830593-2982594959-551724188-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Run: [Google Update] => C:\Users\Jean-Charles\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Run: [Facebook Update] => C:\Users\Jean-Charles\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-07] (Facebook Inc.)
HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Run: [Spotify Web Helper] => C:\Users\Jean-Charles\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-13] (Spotify Ltd)
HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\MountPoints2: {5c064ca1-5568-11e1-81d3-742f68d458e0} - E:\Autorun.exe
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-04-09] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe ()
Startup: C:\Users\Jean-Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jean-Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2629830593-2982594959-551724188-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKU\S-1-5-21-2629830593-2982594959-551724188-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKU\S-1-5-21-2629830593-2982594959-551724188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKU\S-1-5-21-2629830593-2982594959-551724188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2629830593-2982594959-551724188-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2629830593-2982594959-551724188-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\S-1-5-21-2629830593-2982594959-551724188-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 205.151.67.6 205.151.67.34 205.151.67.2
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-2629830593-2982594959-551724188-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Jean-Charles\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2629830593-2982594959-551724188-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jean-Charles\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2629830593-2982594959-551724188-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jean-Charles\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2629830593-2982594959-551724188-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jean-Charles\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-14]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Radio) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\agljkoinmcdnopnlbhhjibjiablccgoh [2013-03-14]
CHR Extension: (Google Drive) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-11]
CHR Extension: (YouTube) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-09]
CHR Extension: (Pool) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbddnnmhgnedpamoenmdkhnpnfbpjb [2013-03-14]
CHR Extension: (No Name) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjakedkphmphnlilokfkgkdclmhakhjg [2015-01-18]
CHR Extension: (Recherche Google) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-09]
CHR Extension: (Full Screen Weather) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2013-03-14]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2014-11-25]
CHR Extension: (AdBlock) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-31]
CHR Extension: (Vinja.TV) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\kclhlebecbkbjcdkgpleaokgndndhbgc [2013-03-14]
CHR Extension: (Until AM Web App) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2013-03-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-05]
CHR Extension: (Need for Speed World) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2013-03-27]
CHR Extension: (Google Wallet) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-09]
CHR Extension: (Vaaudiix) - C:\ProgramData\ccgimhggfhidnpjjlgedpogbkojiccdj\ [2012-03-09]
CHR HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\JEAN-C~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-21]
CHR HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR StartMenuInternet: Google Chrome - C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S2 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-25] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R0 assd; C:\Windows\System32\Drivers\assd.sys [27264 2010-04-28] (ASUS Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-17] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-18 15:27 - 2015-01-18 15:28 - 00024626 _____ () C:\Users\Jean-Charles\Downloads\FRST.txt
2015-01-18 15:27 - 2015-01-18 15:27 - 00000000 ____D () C:\FRST
2015-01-18 15:25 - 2015-01-18 15:25 - 02126848 _____ (Farbar) C:\Users\Jean-Charles\Downloads\FRST64.exe
2015-01-18 15:16 - 2015-01-18 15:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\62643587.sys
2015-01-17 21:06 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-17 20:39 - 2015-01-17 20:39 - 00014987 _____ () C:\Users\Jean-Charles\Downloads\[kickass.so]matlab.r2013a.32bit.64bit.crack.included.torrent
2015-01-17 19:44 - 2015-01-17 19:44 - 00003078 _____ () C:\Windows\System32\Tasks\{03E33658-F3F0-429D-93F4-DECCFD6C7CFB}
2015-01-17 19:43 - 2015-01-17 19:43 - 00000000 ____D () C:\Program Files\MATLAB
2015-01-17 18:19 - 2015-01-17 18:19 - 00014957 _____ () C:\Users\Jean-Charles\Downloads\[kickass.so]matlab.r2013a.8.1.0.604.torrent
2015-01-17 17:40 - 2015-01-17 17:40 - 00108266 _____ () C:\Users\Jean-Charles\Desktop\OTL.Txt
2015-01-17 17:40 - 2015-01-17 17:40 - 00000000 ____D () C:\_OTL
2015-01-17 17:26 - 2015-01-17 17:26 - 00111886 _____ () C:\Users\Jean-Charles\Downloads\Extras.Txt
2015-01-17 17:25 - 2015-01-17 17:25 - 00108266 _____ () C:\Users\Jean-Charles\Downloads\OTL.Txt
2015-01-17 17:08 - 2015-01-17 17:08 - 00602112 _____ (OldTimer Tools) C:\Users\Jean-Charles\Downloads\OTL.exe
2015-01-17 16:58 - 2015-01-17 16:58 - 00035780 _____ () C:\Users\Jean-Charles\Desktop\HitmanPro_20150117_1658.log
2015-01-17 16:17 - 2015-01-17 16:17 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-17 16:16 - 2015-01-17 16:17 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-17 16:15 - 2015-01-17 16:16 - 11225840 _____ (SurfRight B.V.) C:\Users\Jean-Charles\Downloads\HitmanPro_x64.exe
2015-01-17 13:45 - 2015-01-17 15:29 - 00000000 ____D () C:\AdwCleaner
2015-01-17 13:44 - 2015-01-17 13:44 - 02186752 _____ () C:\Users\Jean-Charles\Desktop\adwcleaner_4.108.exe
2015-01-16 23:25 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 23:25 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 23:25 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-16 23:25 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-16 23:25 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-16 23:25 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-16 23:25 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-16 23:25 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-16 23:25 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 23:25 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 23:25 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 23:25 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-12-29 19:56 - 2015-01-12 18:23 - 00000000 ____D () C:\Program Files (x86)\Screenshot
2014-12-29 19:55 - 2014-12-29 19:55 - 00000000 ____D () C:\Program Files (x86)\ViaUdiix
2014-12-29 19:55 - 2014-12-29 19:55 - 00000000 ____D () C:\Program Files (x86)\Vaaudiix
2014-12-29 19:54 - 2014-12-29 19:54 - 00000000 ____D () C:\ProgramData\ccgimhggfhidnpjjlgedpogbkojiccdj
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-18 15:28 - 2014-01-21 14:37 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 15:26 - 2012-08-29 18:56 - 00000000 ____D () C:\Users\Jean-Charles\Desktop\New Download
2015-01-18 15:26 - 2012-08-29 18:25 - 00000000 ____D () C:\Users\Jean-Charles\AppData\Roaming\BitTorrent
2015-01-18 15:26 - 2012-02-12 22:45 - 00000000 ____D () C:\Users\Jean-Charles\AppData\Local\CrashDumps
2015-01-18 15:18 - 2014-12-04 20:01 - 00000000 ____D () C:\Users\Jean-Charles\AppData\Roaming\Spotify
2015-01-18 15:17 - 2013-01-21 17:02 - 00000000 ___RD () C:\Users\Jean-Charles\Desktop\Dropbox
2015-01-18 15:17 - 2013-01-21 16:59 - 00000000 ____D () C:\Users\Jean-Charles\AppData\Roaming\Dropbox
2015-01-18 15:16 - 2014-12-04 20:01 - 00000000 ____D () C:\Users\Jean-Charles\AppData\Local\Spotify
2015-01-18 15:16 - 2014-08-11 17:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 15:15 - 2014-01-21 14:42 - 00000000 ___RD () C:\Users\Jean-Charles\Google Drive
2015-01-18 15:14 - 2012-03-09 18:31 - 01550988 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 15:14 - 2012-02-12 05:58 - 00000000 ___HD () C:\ASUS.DAT
2015-01-18 15:13 - 2014-01-21 14:37 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 15:13 - 2013-02-07 23:23 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001UA.job
2015-01-18 15:13 - 2013-02-05 16:59 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 15:13 - 2012-04-13 19:18 - 00001074 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1004UA.job
2015-01-18 15:13 - 2012-04-13 19:18 - 00001022 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1004Core.job
2015-01-18 15:13 - 2012-03-09 20:19 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001UA.job
2015-01-18 15:13 - 2012-03-09 20:19 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001Core.job
2015-01-18 03:29 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 03:29 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 03:27 - 2011-02-18 22:08 - 00759322 _____ () C:\Windows\system32\perfh00C.dat
2015-01-18 03:27 - 2011-02-18 22:08 - 00154154 _____ () C:\Windows\system32\perfc00C.dat
2015-01-18 03:27 - 2009-07-14 00:13 - 01700416 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-18 03:22 - 2011-10-13 11:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-18 03:22 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 03:21 - 2012-03-20 15:08 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2015-01-18 03:21 - 2012-03-09 18:29 - 00040811 _____ () C:\Windows\setupact.log
2015-01-18 01:26 - 2012-03-08 16:16 - 00003952 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E60886B3-BDF0-493B-8CAE-5C3A1004D8FF}
2015-01-17 23:28 - 2013-02-07 23:23 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001Core.job
2015-01-17 16:08 - 2013-02-05 16:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-17 16:08 - 2013-02-05 16:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-17 16:08 - 2013-02-05 16:59 - 00003940 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-17 15:57 - 2012-02-12 05:59 - 00109240 _____ () C:\Users\Jean-Charles\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-17 15:55 - 2009-07-13 23:45 - 00409024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-17 15:54 - 2011-04-01 23:17 - 00518406 _____ () C:\Windows\PFRO.log
2015-01-17 15:34 - 2011-04-01 23:47 - 00000000 ____D () C:\Program Files (x86)\syncables
2015-01-17 14:07 - 2011-10-13 12:05 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2015-01-17 14:05 - 2011-04-01 23:44 - 00000000 ____D () C:\Windows\es
2015-01-17 13:25 - 2013-09-01 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-17 03:01 - 2012-02-17 11:32 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-08 09:55 - 2012-02-16 11:44 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 23:06 - 2014-12-13 22:43 - 00000000 ____D () C:\Users\Jean-Charles\AppData\Roaming\TS3Client
 
==================== Files in the root of some directories =======
2012-02-12 22:45 - 2012-02-12 22:45 - 0003584 _____ () C:\Users\Jean-Charles\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-13 12:06 - 2011-10-13 12:07 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-10-13 12:06 - 2011-10-13 12:06 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some content of TEMP:
====================
C:\Users\Jean-Charles\AppData\Local\Temp\APNStub.exe
C:\Users\Jean-Charles\AppData\Local\Temp\binkw32.dll
C:\Users\Jean-Charles\AppData\Local\Temp\d2l_Install.exe
C:\Users\Jean-Charles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprayne0.dll
C:\Users\Jean-Charles\AppData\Local\Temp\InstallManager_GEN_GEN.exe
C:\Users\Jean-Charles\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Jean-Charles\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Jean-Charles\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Jean-Charles\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Jean-Charles\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Jean-Charles\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Jean-Charles\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Jean-Charles\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Jean-Charles\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Jean-Charles\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jean-Charles\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Jean-Charles\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jean-Charles\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jean-Charles\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Jean-Charles\AppData\Local\Temp\lowproc.exe
C:\Users\Jean-Charles\AppData\Local\Temp\NGM.exe
C:\Users\Jean-Charles\AppData\Local\Temp\NGMDll.dll
C:\Users\Jean-Charles\AppData\Local\Temp\NGMResource.dll
C:\Users\Jean-Charles\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Jean-Charles\AppData\Local\Temp\stubhelper.dll
C:\Users\Jean-Charles\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Jean-Charles\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Jean-Charles\AppData\Local\Temp\Tsu4FA5840D.dll
C:\Users\Jean-Charles\AppData\Local\Temp\unicows.dll
C:\Users\Jean-Charles\AppData\Local\Temp\utt3DF0.tmp.exe
C:\Users\Jean-Charles\AppData\Local\Temp\utt6F69.tmp.exe
C:\Users\Jean-Charles\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-17 14:49
 
==================== End Of Log ============================
 
which was the FRS and now the addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 01
Ran by Jean-Charles at 2015-01-18 15:28:45
Running from C:\Users\Jean-Charles\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}) (Version: 1.8.17.26026 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.17.26026 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Applet Prox (HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Applet Prox) (Version:  - CNRS CLLE-ERSS IRIT http://prox.irit.fr Bruno Gaume - Yannick Chudy)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.1.0 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.21 - ASUS)
ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS Secure Delete (HKLM\...\{761C6783-D3BC-48AB-8E7C-61CE918A8436}) (Version: 1.00.0007 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0031 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusScr_U Series_ENG (HKLM-x32\...\AsusScr_U Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BitTorrent (HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\BitTorrent) (Version: 7.9.2.37755 - BitTorrent Inc.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox (HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExpressGateCloud (HKLM-x32\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 2.6.27.160 - VideACE Co.)
ExpressGateCloud (x32 Version: 2.6.27.160 - VideACE Co.) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logiciel Logitech Unifying 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
NVIDIA 3D Vision Driver 268.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 268.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6318 - Realtek Semiconductor Corp.)
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.6 - ASUS)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Spotify (HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unity Web Player (HKU\S-1-5-21-2629830593-2982594959-551724188-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visionneuse Microsoft PowerPoint (HKLM-x32\...\{95140000-00AF-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2629830593-2982594959-551724188-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jean-Charles\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
19-12-2014 03:00:25 Windows Update
26-12-2014 16:28:01 Windows Update
04-01-2015 17:36:39 Windows Update
12-01-2015 18:43:33 Windows Update
16-01-2015 23:24:22 Windows Update
17-01-2015 03:00:22 Windows Update
17-01-2015 13:26:12 Programme d’installation pour les modules Windows
17-01-2015 15:32:00 Removed syncables desktop SE.
17-01-2015 16:53:30 Point de contrôle créé par HitmanPro
18-01-2015 03:00:21 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1936F7F4-3525-416F-85D3-CE7F5C937C1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {195CD806-3B66-49FF-A977-71D91175613F} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {2BE586F7-5A50-4252-9301-D665D2F62F4E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2629830593-2982594959-551724188-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {302A8B1D-6B9C-4A33-8A94-25E1772D501D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001Core => C:\Users\Jean-Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {37EEECD4-76AE-4291-8F02-9ACF977ABFEC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1004UA => C:\Users\Babe\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {4D07BFAD-E65B-421C-AE42-BF50C1D5E8F0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001Core => C:\Users\Jean-Charles\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-07] (Facebook Inc.)
Task: {5CD4D4A9-8D28-445B-8E4F-B4FCCD55C26B} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {6D727A4A-18B6-4439-B1E1-08A541E63F43} - System32\Tasks\{03E33658-F3F0-429D-93F4-DECCFD6C7CFB} => pcalua.exe -a D:\matlab\SetupSimple.exe -d D:\matlab
Task: {70B28E3E-71D0-43C8-ACC3-EA9334AF0ED9} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS)
Task: {735BFAE1-2DF6-4B64-A597-E36690B0526F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001UA => C:\Users\Jean-Charles\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-07] (Facebook Inc.)
Task: {7EFE1E18-3751-43A9-80B4-F20E5A14A81A} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {975BDB75-628F-4066-9020-A2FEBC6CEF23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-17] (Adobe Systems Incorporated)
Task: {A249BFF5-D15A-4F3C-99CC-CD9C88519BE9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1004Core => C:\Users\Babe\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {C114FD22-98B7-4751-B45A-277C318688CA} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {C1B5A01A-52EF-4815-83C0-589183BA63C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-21] (Google Inc.)
Task: {E21FE80F-0663-4FB6-AA81-FD40A0F73D40} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E2A7C361-E502-4237-AB03-A1E7668676B6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2629830593-2982594959-551724188-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
Task: {E2EF6A9B-55B0-403D-8F48-E1C7129E711B} - System32\Tasks\ASUS Secure Delete => C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe [2011-01-24] ()
Task: {F9B16D37-8A15-4DBE-B7B3-B4F6D96203D3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001UA => C:\Users\Jean-Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001Core.job => C:\Users\Jean-Charles\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001UA.job => C:\Users\Jean-Charles\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001Core.job => C:\Users\Jean-Charles\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1001UA.job => C:\Users\Jean-Charles\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1004Core.job => C:\Users\Babe\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2629830593-2982594959-551724188-1004UA.job => C:\Users\Babe\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-03-25 19:55 - 2011-03-25 19:55 - 00091464 _____ () C:\ExpressGateUtil\VAWinService.exe
2010-04-02 19:21 - 2008-09-30 23:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-07-14 18:11 - 2010-07-14 18:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-10-13 12:00 - 2007-11-30 13:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
2011-01-24 12:55 - 2011-01-24 12:55 - 00541696 _____ () C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
2011-05-02 22:29 - 2011-01-26 19:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-29 17:04 - 2010-11-29 17:04 - 00403968 _____ () C:\Program Files\Intel\TurboBoost\fr\SignalIslandUi.resources.dll
2010-09-23 18:53 - 2010-09-23 18:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
2011-04-07 23:26 - 2011-04-07 23:26 - 00045448 _____ () C:\ExpressGateUtil\VAWinAgent.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-25 19:55 - 2011-03-25 19:55 - 00157000 _____ () C:\ExpressGateUtil\libexpat.dll
2011-03-25 19:55 - 2011-03-25 19:55 - 00061768 _____ () C:\ExpressGateUtil\netProfileDatabase.DLL
2010-08-20 09:57 - 2010-08-20 09:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-01-18 15:13 - 2015-01-18 15:13 - 00098816 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\win32api.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00110080 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\pywintypes27.dll
2015-01-18 15:13 - 2015-01-18 15:13 - 00364544 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\pythoncom27.dll
2015-01-18 15:13 - 2015-01-18 15:13 - 00045568 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\_socket.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 01160704 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\_ssl.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00320512 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\win32com.shell.shell.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00713216 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\_hashlib.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 01175040 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\wx._core_.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00805888 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\wx._gdi_.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00811008 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\wx._windows_.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 01062400 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\wx._controls_.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00735232 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\wx._misc_.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00128512 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\_elementtree.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00127488 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\pyexpat.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00557056 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\pysqlite2._sqlite.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00087552 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\_ctypes.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00119808 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\win32file.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00108544 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\win32security.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00007168 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\hashobjs_ext.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00167936 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\win32gui.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00018432 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\win32event.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00038912 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\win32inet.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00011264 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\win32crypt.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00070656 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\wx._html2.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00027136 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\_multiprocessing.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00035840 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\win32process.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00686080 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\unicodedata.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00122368 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\wx._wizard.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00024064 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\win32pipe.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00025600 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\win32pdh.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00525640 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\windows._lib_cacheinvalidation.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00010240 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\select.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00017408 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\win32profile.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00022528 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\win32ts.pyd
2015-01-18 15:13 - 2015-01-18 15:13 - 00078336 _____ () C:\Users\Jean-Charles\AppData\Local\Temp\_MEI46483\wx._animate.pyd
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-18 15:16 - 2015-01-18 15:16 - 00043008 _____ () c:\Users\Jean-Charles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprayne0.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Jean-Charles\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-01-18 13:21 - 2011-01-18 13:21 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2014-12-12 13:30 - 2014-12-05 20:50 - 01077064 _____ () C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 13:30 - 2014-12-05 20:50 - 00211272 _____ () C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 13:30 - 2014-12-05 20:50 - 09009480 _____ () C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 13:30 - 2014-12-05 20:50 - 01677128 _____ () C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 13:30 - 2014-12-05 20:50 - 14913352 _____ () C:\Users\Jean-Charles\AppData\Local\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
========================= Accounts: ==========================
 
Administrateur (S-1-5-21-2629830593-2982594959-551724188-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-2629830593-2982594959-551724188-1006 - Limited - Enabled)
Invité (S-1-5-21-2629830593-2982594959-551724188-501 - Limited - Enabled) => C:\Users\Invité
Jean-Charles (S-1-5-21-2629830593-2982594959-551724188-1001 - Administrator - Enabled) => C:\Users\Jean-Charles
UpdatusUser (S-1-5-21-2629830593-2982594959-551724188-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/18/2015 03:26:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante LiveUpdt.exe, version : 2.0.0.0, horodatage : 0x4a6d7c8e
Nom du module défaillant : ntdll.dll, version : 6.1.7601.18247, horodatage : 0x521ea8e7
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0002e3be
ID du processus défaillant : 0x1c60
Heure de début de l’application défaillante : 0xLiveUpdt.exe0
Chemin d’accès de l’application défaillante : LiveUpdt.exe1
Chemin d’accès du module défaillant: LiveUpdt.exe2
ID de rapport : LiveUpdt.exe3
 
Error: (01/18/2015 03:20:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante wmpnetwk.exe, version : 12.0.7601.17514, horodatage : 0x4ce7ae7f
Nom du module défaillant : KERNELBASE.dll, version : 6.1.7601.18409, horodatage : 0x5315a05a
Code d’exception : 0x0000046b
Décalage d’erreur : 0x000000000000940d
ID du processus défaillant : 0x974
Heure de début de l’application défaillante : 0xwmpnetwk.exe0
Chemin d’accès de l’application défaillante : wmpnetwk.exe1
Chemin d’accès du module défaillant: wmpnetwk.exe2
ID de rapport : wmpnetwk.exe3
 
Error: (01/18/2015 03:13:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22540740
 
Error: (01/18/2015 03:13:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22540740
 
Error: (01/18/2015 03:13:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/18/2015 03:13:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22539726
 
Error: (01/18/2015 03:13:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22539726
 
Error: (01/18/2015 03:13:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/18/2015 03:13:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22538728
 
Error: (01/18/2015 03:13:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22538728
 
 
System errors:
=============
Error: (01/18/2015 03:26:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service MBAMService s’est terminé de façon inattendue pour la 1ème fois.
 
Error: (01/18/2015 03:20:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Service Partage réseau du Lecteur Windows Media s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.
 
Error: (01/18/2015 03:13:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service MBAMScheduler.
 
Error: (01/18/2015 03:22:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger : 
cdrom
 
Error: (01/17/2015 03:59:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Le service NVIDIA Update Service Daemon est en attente de démarrage.
 
Error: (01/17/2015 03:55:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger : 
cdrom
 
Error: (01/17/2015 03:41:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Service Partage réseau du Lecteur Windows Media s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.
 
Error: (01/17/2015 02:07:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger : 
cdrom
 
Error: (01/17/2015 02:05:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Spouleur d’impression n’a pas pu démarrer en raison de l’erreur : 
%%1069
 
Error: (01/17/2015 02:05:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Le service Spooler n’a pas pu ouvrir de session en tant que NT AUTHORITY\SYSTEM avec le mot de passe actuellement configuré en raison de l’erreur suivante : 
%%50
 
Pour vous assurer que le service est configuré correctement, utilisez le composant logiciel enfichable Services dans Microsoft Management Console (MMC).
 
 
Microsoft Office Sessions:
=========================
Error: (07/29/2014 04:19:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 39 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (07/11/2014 04:36:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 765 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (03/16/2014 05:00:44 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 105 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/04/2013 08:44:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (12/04/2012 04:48:22 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 328416 seconds with 17400 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-07-14 18:58:19.477
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-07-14 18:58:19.377
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-07-14 18:58:15.992
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-07-14 18:58:15.901
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\LMouFilt.Sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-07-14 18:58:14.423
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-07-14 18:58:14.335
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-07-14 18:58:14.248
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-07-14 18:58:14.141
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-07-14 18:58:14.037
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
  Date: 2014-07-14 18:58:13.910
  Description: Windows ne peut pas vérifier l’intégrité d’image du fichier \Device\HarddiskVolume2\Windows\System32\drivers\LHidFilt.Sys, car le fichier à hacher est introuvable sur le système. Une modification matérielle ou logicielle récente a peut-être installé un fichier incorrectement signé ou endommagé ou il s’agit éventuellement d’un logiciel malveillant d’une source inconnue.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 65%
Total physical RAM: 4008.15 MB
Available physical RAM: 1388.14 MB
Total Pagefile: 8014.49 MB
Available Pagefile: 4922.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:238.47 GB) (Free:23.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:332.7 GB) (Free:235.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: AA9693FE)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=238.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=332.7 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:11 AM

Posted 18 January 2015 - 03:50 PM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Attached File  fixlist.txt   4.05KB   1 downloads

 

How is the machine running after this fix?

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:11 AM

Posted 21 January 2015 - 03:34 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:11 AM

Posted 26 January 2015 - 01:02 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users