Jump to content

dontchaae

Members
 View Profile  See their activity

  • Posts

    7

  • Joined

  • Last visited

Reputation

0 Neutral
  1. dontchaae
    Thank you for your help, My friend just came by to help me and everything seems to be working fine now, the DClogs folder is absent as well as all the other viruses.
  2. dontchaae
    Here is the scan from Jotti's site: 2015-03-22 Gen:Variant.Kazy.564577 2015-03-22 Found nothing 2015-03-21 Found nothing 2015-03-22 Found nothing 2015-03-22 Gen:Variant.Kazy.564577 2015-03-22 Gen:Variant.Kazy.564577 2015-03-22 Win32:GenMaliciousA-BRD 2015-03-22 Gen:Variant.Kazy.564577 2015-03-22 Found nothing 2015-03-22 Found nothing 2015-03-22 TR/Fynloski.A.1340 2015-03-22 Found nothing 2015-03-22 Gen:Variant.Kazy.564577 2015-03-22 Found nothing 2015-03-22 Found nothing 2015-03-21 Found nothing 2015-03-22 Found nothing 2015-03-22 Found nothing 2015-03-22 Gen:Variant.Kazy.564577 2015-03-21 Found nothing 2015-03-22 Found nothing 2015-03-22 Found nothing
  3. dontchaae
    Here is the Extras.exe: OTL Extras logfile created on: 2015-03-22 19:25:12 - Run 3OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Charlotte\Desktop64bit- Professional (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.17690)Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd 3,91 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 46,60% Memory free7,91 Gb Paging File | 5,33 Gb Available in Paging File | 67,35% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)Drive C: | 224,78 Gb Total Space | 58,55 Gb Free Space | 26,05% Space Free | Partition Type: NTFSDrive D: | 224,78 Gb Total Space | 117,03 Gb Free Space | 52,06% Space Free | Partition Type: NTFSUnable to calculate disk information. Computer Name: CHARLOTTE-PC | User Name: Charlotte | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation).url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_USERS\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]"UpgradeTime" = [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]"UpgradeTime" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{234F87D1-C966-4A2B-A214-275DBD5EF9DA}" = lport=138 | protocol=17 | dir=in | app=system | "{316ECA6E-B8F3-40DD-8082-A4FE476DCF91}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{474C5555-4434-41EB-A8A3-836323B91735}" = lport=139 | protocol=6 | dir=in | app=system | "{4B9D09D6-E6A3-45C0-A047-F1376DA4523E}" = lport=445 | protocol=6 | dir=in | app=system | "{5EF6FBC8-6AB5-407C-A225-9BBEE18987D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5FE1FD8A-C241-466C-B786-FC01A3CE028C}" = rport=139 | protocol=6 | dir=out | app=system | "{B000DA98-81B5-49E4-AEAB-22EBBA43D435}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{B6908543-BEBE-452A-AE86-9BD2C249DADF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{C5847BBC-F35C-4D23-90EC-FB3943E72373}" = lport=137 | protocol=17 | dir=in | app=system | "{CC815ABF-460A-4DE7-B0D0-29C63FCB357B}" = rport=137 | protocol=17 | dir=out | app=system | "{D7E7514D-A9CF-442D-9B52-FFB888893DB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E97FB4C1-F4A0-4F6B-8005-CBF1A9045220}" = rport=445 | protocol=6 | dir=out | app=system | "{F996A1A6-4B5B-4392-866D-D5E2E196F80E}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{02CC4086-CEBB-4E76-BD1B-90D631EC208F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\the sims 4\game\bin\ts4.exe | "{037E2A2A-DDFC-4D27-B3AE-BC39F7C4ACDE}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{0659EB82-31A8-47B8-BEEF-840573BB8F21}" = dir=out | name=@{microsoft.bingweather_3.0.4.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | "{1CE9B71B-9B57-47D1-8800-880A087DCC9C}" = dir=in | name=juniper networks junos pulse | "{24EED8C5-58A6-4306-A632-AD36E57E0FAF}" = dir=out | name=@{microsoft.bingnews_3.0.4.268_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | "{2713A217-62CF-4820-B554-33E4552948B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{31941474-F15F-464C-A580-8FE66BAF1754}" = dir=out | name=xbox one smartglass | "{35705B02-C6EE-4087-BCB5-DDB49CCB5993}" = dir=in | name=onenote | "{36EFBC06-5D93-45DF-8F4D-8834124A8E61}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\the sims 4\game\bin\ts4.exe | "{3C6232AE-B497-4971-B003-D7481A271902}" = dir=out | name=f5 vpn | "{40B1900C-07A0-475F-9CA3-DAABEBE3232A}" = dir=out | name=@{microsoft.bingfinance_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | "{41256807-871B-458D-94B6-E57EE2313C45}" = dir=in | name=sonicwall mobile connect | "{41D6CD9C-F667-4BFD-863E-96196D430DC9}" = dir=out | name=@{microsoft.zunevideo_2.6.434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{48F19A0D-BE3E-4195-9D2D-8FCDFF76ED69}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{51B3887C-4938-421B-A003-F84B2240F2E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of mythology\launcher.exe | "{5226F6DB-84C4-4CEC-8C0B-58B01A74DDB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{5DF6AF38-B9B0-4290-80AD-13EE5BB791D3}" = dir=out | name=juniper networks junos pulse | "{72774FE9-F789-45FF-87A7-0E095F0A6FF5}" = dir=out | name=sonicwall mobile connect | "{79685DD8-27C7-46EF-ADD2-2B9480CCF44E}" = dir=out | name=check point vpn | "{7A4DF660-BDCB-4575-9FE2-559A079DBAC7}" = dir=in | name=f5 vpn | "{7E44856B-8430-4B40-82AA-81B895A86E3B}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{7F942FF7-1DE3-485A-ACDD-A363823BE25E}" = protocol=17 | dir=in | app=c:\users\charlotte\appdata\roaming\bittorrent\bittorrent.exe | "{860090C4-6653-4925-BA50-A57F36A9BC71}" = dir=out | name=@{microsoft.bingtravel_3.0.4.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | "{8F11C5C9-67AC-45E4-8FD4-DB90FFF57DB4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{906DB785-3B4B-4102-A28E-3532AC2092C0}" = dir=out | name=@{microsoft.bingnews_3.0.4.255_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | "{91C95DA3-82D1-4C8D-B779-FD5DC9FDE71F}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | "{9389E427-4D2B-41AA-8F93-9101E0973D3C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{951F2062-C5DE-4BDC-A4D0-72084D8C439E}" = dir=in | name=check point vpn | "{9C2D8DBB-9811-4510-B1A4-0F5C9D83244E}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{A7E6A53C-B333-4318-93BC-FD46646E6AAB}" = dir=in | name=xbox one smartglass | "{A9084CBA-5941-48C8-98C2-FB56765FDDA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{AA9823A1-7288-4907-B168-5451DA22F938}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy iii\ff3_launcher.exe | "{AB0C82D5-E79B-4631-B9BC-A951076B6F25}" = protocol=6 | dir=in | app=c:\users\charlotte\appdata\roaming\bittorrent\bittorrent.exe | "{ABE6B275-274E-46BE-918A-6D5A8D89E9A5}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.254_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{AC8D627C-E7DB-46C8-B0CA-B1034CC8BB06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy iii\ff3_launcher.exe | "{B049EF2E-80BC-43F3-8611-3E4D4D8B6C8D}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{B63ED913-BD61-42D1-97CB-C2375F835ECA}" = dir=out | name=@{microsoft.bingweather_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | "{BF4F755F-6B19-4AE5-AB93-C6BBF0DC2076}" = dir=out | name=@{microsoft.bingfinance_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | "{C040CCD6-F242-45F4-8F38-7C5336838AF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of mythology\launcher.exe | "{C3D37E81-BF27-44DD-BA13-F4FC6F54810C}" = dir=out | name=@{microsoft.zunemusic_2.6.653.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{CAEC4D26-5A5A-48E0-91E0-28DA3E373069}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{CD6842F0-A9A5-46C1-B4BD-35785B5B3426}" = dir=out | name=skype | "{CD960442-93D7-42E7-99C1-EDD4AD0CE8DC}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | "{D8612EC1-EC26-4BB0-96B4-84CB5D34E07F}" = dir=out | name=@{microsoft.bingsports_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | "{DE2B292B-502A-4D05-8109-3278691FFF6F}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{E42EADCF-92B4-4EC6-8133-44A836306265}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E7475F57-B067-49E4-9C29-9FA555A8BC26}" = dir=out | name=@{microsoft.bingsports_3.0.4.244_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | "{E8E708F5-5F42-41B0-A6DE-7349A47C085A}" = dir=in | name=skype | "{F49C71D3-9F2E-4D95-B2F5-B2352A656676}" = dir=out | name=onenote | "{F9FDFBB0-5E7C-4FE8-B2B2-8E244473BCD1}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "TCP Query User{F1485DD5-256B-4184-8E6B-75F9470533A6}C:\users\charlotte\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\charlotte\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{598DAEA5-AD47-4F87-A866-E4A5803F9208}C:\users\charlotte\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\charlotte\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display"{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}" = Microsoft Antimalware Service FR-FR Language Pack"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager"{47BC37A3-35C8-484A-8CBD-851914EB095E}" = Fujitsu Driver Update"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{4F90F34B-348A-4F48-8244-5FCAE90C289A}" = Microsoft Camera Codec Pack"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.2"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8D0A0EC6-9A3C-354F-9BFC-A61E96BE1846}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010"{90140000-00BD-040C-1000-0000000FF1CE}" = Langue des info-bulles Microsoft Office 2010 - Français"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client FR-FR Language Pack"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA" = Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010"SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel® WiDi"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 30"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{2C12184B-F547-455E-8B36-D81ED4E17C46}" = Roxio Creator LJ"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Les Sims™ 3 Showtime"{3DE92282-CB49-434F-81BF-94E5B380E889}" = Les Sims™ 3 Saisons"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Les Sims™ 3 Accès VIP"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live"{48EBEBBF-B9F8-4520-A3CF-89A730721917}" = Les Sims™ 4"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in"{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources"{639BE5F5-720F-4290-84FA-1C53568EAAD4}" = TweetDeck"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator LJ"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator LJ"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Les Sims™ 3 Ambitions"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = Les Sims™ 3 En route vers le Futur"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager"{AC76BA86-7AD7-1036-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Français"{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = Les Sims™ 3 Super-pouvoirs"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Les Sims™ 3 Destination Aventure"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Les Sims™ 3"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Les Sims™ 3 Animaux & Cie"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common"{C8A17598-7F89-41EA-9876-0F89DA0B24F1}_is1" = VIO Player version 1.0.1"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = Les Sims™ 3 Île de Rêve"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Les Sims™ 3 Générations"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = Les Sims™ 3 University"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"Adobe AIR" = Adobe AIR"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI"Audacity_is1" = Audacity 2.0.3"Finale NotePad 2012" = Finale NotePad 2012"Google Chrome" = Google Chrome"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9"InstallShield_{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility"LAME_is1" = LAME v3.99.3 (for Windows)"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.4.1018"Origin" = Origin"Picasa 3" = Picasa 3"Sptnavi" = Sptnavi"Steam" = Steam"Steam App 239120" = FINAL FANTASY III"Steam App 266840" = Age of Mythology: Extended Edition"VLC media player" = VLC media player 2.0.1"WinLiveSuite" = Windows Live"WinRAR archiver" = WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Dropbox" = Dropbox"DRPSu Updater" = DriverPack Solution Updater"PennyBee" = PennyBeeUpdate"PhotoFiltre 7" = PhotoFiltre 7"UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 2015-03-20 05:45:30 | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842827Description = La création du contexte d’activation a échoué pour « c:\program files (x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe ». Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe » à la ligne 2. Le manifeste ne peut pas contenir plusieurs éléments requestedPrivileges. Error - 2015-03-21 03:47:15 | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842827Description = La création du contexte d’activation a échoué pour « c:\program files (x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe ». Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe » à la ligne 2. Le manifeste ne peut pas contenir plusieurs éléments requestedPrivileges. Error - 2015-03-21 03:50:35 | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842827Description = La création du contexte d’activation a échoué pour « c:\program files (x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe ». Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe » à la ligne 2. Le manifeste ne peut pas contenir plusieurs éléments requestedPrivileges. Error - 2015-03-22 10:02:09 | Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002Description = Le programme RevoUninProSetup.tmp version 51.1052.0.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 15d8 Heure de début : 01d064a86c328d86 Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Users\CHARLO~1\AppData\Local\Temp\is-U8KIG.tmp\RevoUninProSetup.tmp ID de rapport : 02415a92-d09c-11e4-bee2-5c9ad86037d6 Nom complet du package défaillant : ID de l’application relative au package défaillant : Error - 2015-03-22 11:15:54 | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842827Description = La création du contexte d’activation a échoué pour « c:\program files (x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe ». Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe » à la ligne 2. Le manifeste ne peut pas contenir plusieurs éléments requestedPrivileges. Error - 2015-03-22 15:51:09 | Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002Description = Le programme OTL.exe version 3.2.69.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 568 Heure de début : 01d064d920c7898c Heure de fin : 0 Chemin d’accès de l’application : C:\Users\Charlotte\Desktop\OTL.exe ID de rapport : b5bca14f-d0cc-11e4-bee5-5c9ad86037d6 Nom complet du package défaillant : ID de l’application relative au package défaillant : Error - 2015-03-22 16:16:32 | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000Description = Nom de l’application défaillante Setup_FileViewPro_[2015] (1).exe, version : 0.0.0.0, horodatage : 0x545f4e7a Nom du module défaillant : System.dll, version : 0.0.0.0, horodatage : 0x545f49d3 Code d’exception : 0xc0000005 Décalage d’erreur : 0x0000296f ID du processus défaillant : 0xcb0 Heure de début de l’application défaillante : 0x01d064dd0538a3d4 Chemin d’accès de l’application défaillante : C:\Users\Charlotte\Downloads\Setup_FileViewPro_[2015] (1).exe Chemin d’accès du module défaillant: C:\Users\CHARLO~1\AppData\Local\Temp\nse5E11.tmp\System.dllID de rapport : 544ce236-d0d0-11e4-bee5-5c9ad86037d6 Nom complet du package défaillant : ID de l’application relative au package défaillant : Error - 2015-03-22 17:10:00 | Computer Name = Charlotte-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973Description = Échec de l’activation de l’application winstore_cw5n1h2txyewy!Windows.Store avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel. Error - 2015-03-22 17:24:49 | Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002Description = Le programme FRST64.exe version 11.3.2015.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 6fc Heure de début : 01d064e622f57430 Heure de fin : 4294967295 Chemin d’accès de l’application : C:\Users\Charlotte\Desktop\FRST64.exe ID de rapport : dac62ef5-d0d9-11e4-bee6-5c9ad86037d6 Nom complet du package défaillant : ID de l’application relative au package défaillant : Error - 2015-03-22 18:18:06 | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000Description = Nom de l’application défaillante RogueKillerX64.exe, version : 10.5.6.0, horodatage : 0x550dea28 Nom du module défaillant : RogueKillerX64.exe, version : 10.5.6.0, horodatage : 0x550dea28 Code d’exception : 0xc0000005 Décalage d’erreur : 0x00000000007e41d0 ID du processus défaillant : 0xbdc Heure de début de l’application défaillante : 0x01d064ee11e03c6f Chemin d’accès de l’application défaillante : C:\Users\Charlotte\Downloads\RogueKillerX64.exeChemin d’accès du module défaillant: C:\Users\Charlotte\Downloads\RogueKillerX64.exe ID de rapport : 5027383a-d0e1-11e4-bee7-5c9ad86037d6 Nom complet du package défaillant : ID de l’application relative au package défaillant : Error - 2015-03-22 18:20:17 | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000Description = Nom de l’application défaillante RogueKillerX64.exe, version : 10.5.6.0, horodatage : 0x550dea28 Nom du module défaillant : RogueKillerX64.exe, version : 10.5.6.0, horodatage : 0x550dea28 Code d’exception : 0xc0000005 Décalage d’erreur : 0x00000000007e41d0 ID du processus défaillant : 0x8a4 Heure de début de l’application défaillante : 0x01d064ee605f8481 Chemin d’accès de l’application défaillante : C:\Users\Charlotte\Desktop\RogueKillerX64.exeChemin d’accès du module défaillant: C:\Users\Charlotte\Desktop\RogueKillerX64.exe ID de rapport : 9e2185c6-d0e1-11e4-bee7-5c9ad86037d6 Nom complet du package défaillant : ID de l’application relative au package défaillant : Error - 2015-03-22 18:20:24 | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000Description = Nom de l’application défaillante RogueKillerX64.exe, version : 10.5.6.0, horodatage : 0x550dea28 Nom du module défaillant : RogueKillerX64.exe, version : 10.5.6.0, horodatage : 0x550dea28 Code d’exception : 0xc0000005 Décalage d’erreur : 0x00000000007e41d0 ID du processus défaillant : 0xad4 Heure de début de l’application défaillante : 0x01d064ee64b43761 Chemin d’accès de l’application défaillante : C:\Users\Charlotte\Desktop\RogueKillerX64.exeChemin d’accès du module défaillant: C:\Users\Charlotte\Desktop\RogueKillerX64.exe ID de rapport : a273d650-d0e1-11e4-bee7-5c9ad86037d6 Nom complet du package défaillant : ID de l’application relative au package défaillant : [ Media Center Events ]Error - 2011-08-27 11:41:18 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description = Error - 2011-08-27 11:41:23 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description = Error - 2011-08-27 12:41:34 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description = Error - 2011-08-27 12:41:44 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description = Error - 2011-08-27 13:42:05 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description = Error - 2011-08-27 13:42:31 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description = Error - 2011-09-10 23:31:42 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description = Error - 2011-09-10 23:32:39 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description = Error - 2011-09-30 23:34:34 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description = Error - 2011-09-30 23:35:37 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description = [ System Events ]Error - 2015-03-22 18:19:27 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description = Error - 2015-03-22 18:19:41 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description = Error - 2015-03-22 18:19:43 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description = Error - 2015-03-22 18:19:48 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description = Error - 2015-03-22 18:19:48 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description = Error - 2015-03-22 18:19:48 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description = Error - 2015-03-22 18:20:17 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description = Error - 2015-03-22 18:20:24 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description = Error - 2015-03-22 18:20:35 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description = Error - 2015-03-22 18:20:35 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description = < End of report >
  4. dontchaae
    Here is the OTL.txt: OTL logfile created on: 2015-03-22 19:25:12 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Charlotte\Desktop64bit- Professional (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.17690)Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd 3,91 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 46,60% Memory free7,91 Gb Paging File | 5,33 Gb Available in Paging File | 67,35% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)Drive C: | 224,78 Gb Total Space | 58,55 Gb Free Space | 26,05% Space Free | Partition Type: NTFSDrive D: | 224,78 Gb Total Space | 117,03 Gb Free Space | 52,06% Space Free | Partition Type: NTFSUnable to calculate disk information. Computer Name: CHARLOTTE-PC | User Name: Charlotte | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2015-03-22 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Desktop\OTL (1).exePRC - [2015-03-17 06:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exePRC - [2015-03-17 06:14:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exePRC - [2015-03-17 06:14:00 | 006,212,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exePRC - [2015-03-14 06:12:39 | 000,809,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exePRC - [2015-03-04 18:27:30 | 042,560,368 | ---- | M] (Dropbox, Inc.) -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exePRC - [2015-02-03 20:11:22 | 000,232,264 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exePRC - [2014-12-19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2014-05-27 00:39:13 | 000,056,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exePRC - [2011-03-05 02:49:24 | 000,228,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCam.exePRC - [2010-12-20 05:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2010-12-20 05:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2010-12-08 23:36:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exePRC - [2010-09-29 21:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exePRC - [2009-07-06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe ========== Modules (No Company Name) ========== MOD - [2015-03-22 18:22:53 | 000,043,008 | ---- | M] () -- c:\users\charlo~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpamtqb_.dllMOD - [2015-03-14 06:12:35 | 009,278,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dllMOD - [2015-03-14 06:12:30 | 001,174,856 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dllMOD - [2015-03-14 06:12:28 | 000,080,200 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dllMOD - [2015-03-04 18:08:06 | 000,865,280 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dllMOD - [2015-03-04 18:08:06 | 000,750,080 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\libGLESv2.dllMOD - [2015-03-04 18:08:06 | 000,047,616 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\libEGL.dllMOD - [2015-03-04 18:07:48 | 000,200,704 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dllMOD - [2014-07-31 12:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2014-07-31 12:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2013-09-05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODFMOD - [2010-10-20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ========== Services (SafeList) ========== SRV:64bit: - [2015-02-03 19:58:28 | 000,366,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)SRV:64bit: - [2015-02-03 19:58:28 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)SRV:64bit: - [2014-12-05 21:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)SRV:64bit: - [2014-10-31 00:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)SRV:64bit: - [2014-08-15 23:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)SRV:64bit: - [2014-08-15 20:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)SRV:64bit: - [2014-08-15 20:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)SRV:64bit: - [2014-07-24 03:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)SRV:64bit: - [2014-04-18 03:49:43 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)SRV:64bit: - [2014-04-18 03:49:43 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)SRV:64bit: - [2014-04-18 03:45:07 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)SRV:64bit: - [2014-04-18 03:45:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)SRV:64bit: - [2014-03-18 06:14:12 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)SRV:64bit: - [2014-03-18 06:14:12 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)SRV:64bit: - [2014-03-18 06:14:03 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)SRV:64bit: - [2014-03-18 06:14:01 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)SRV:64bit: - [2014-03-18 06:14:00 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)SRV:64bit: - [2014-03-18 06:13:56 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)SRV:64bit: - [2014-03-18 05:41:40 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)SRV:64bit: - [2014-03-18 05:41:39 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)SRV:64bit: - [2014-03-14 02:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)SRV:64bit: - [2013-08-22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)SRV:64bit: - [2013-08-22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)SRV:64bit: - [2013-08-22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)SRV:64bit: - [2013-08-22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)SRV:64bit: - [2013-08-22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)SRV:64bit: - [2013-08-22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)SRV:64bit: - [2013-08-22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)SRV:64bit: - [2013-08-22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)SRV:64bit: - [2013-08-22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)SRV:64bit: - [2013-08-22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)SRV:64bit: - [2013-08-22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)SRV:64bit: - [2013-08-22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)SRV:64bit: - [2013-08-22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)SRV:64bit: - [2013-08-22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)SRV:64bit: - [2013-08-22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)SRV:64bit: - [2010-09-22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2010-06-17 18:47:12 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)SRV:64bit: - [2009-09-30 02:23:00 | 000,014,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe -- (UpdateNaviInstallService)SRV - [2015-03-17 06:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2015-03-17 06:14:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2015-03-14 13:50:54 | 001,910,640 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)SRV - [2015-02-04 14:44:15 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2015-01-23 18:33:44 | 000,834,752 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2014-12-19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2014-08-15 23:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)SRV - [2014-04-18 03:45:11 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)SRV - [2014-04-18 03:45:11 | 000,475,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)SRV - [2014-04-18 03:45:06 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)SRV - [2014-04-18 03:45:04 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)SRV - [2014-03-14 02:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)SRV - [2014-01-29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)SRV - [2013-10-23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2013-08-21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)SRV - [2013-08-21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)SRV - [2010-12-20 05:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2010-12-20 05:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2010-11-04 12:42:12 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) ========== Driver Services (SafeList) ========== DRV:64bit: - [2015-03-22 19:25:15 | 000,136,408 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)DRV:64bit: - [2015-03-17 06:15:40 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)DRV:64bit: - [2015-03-17 06:15:24 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2015-02-03 19:58:33 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)DRV:64bit: - [2015-02-03 19:58:33 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)DRV:64bit: - [2015-02-03 19:58:04 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)DRV:64bit: - [2014-12-11 20:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)DRV:64bit: - [2014-10-28 23:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2014-10-12 22:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)DRV:64bit: - [2014-10-12 22:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)DRV:64bit: - [2014-10-12 22:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)DRV:64bit: - [2014-08-14 20:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)DRV:64bit: - [2014-07-28 14:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2014-07-24 11:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)DRV:64bit: - [2014-07-24 11:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)DRV:64bit: - [2014-07-24 07:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)DRV:64bit: - [2014-05-01 09:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)DRV:64bit: - [2014-04-18 03:49:46 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)DRV:64bit: - [2014-04-18 03:49:44 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)DRV:64bit: - [2014-04-18 03:49:43 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)DRV:64bit: - [2014-04-18 03:45:10 | 000,173,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)DRV:64bit: - [2014-03-18 06:14:02 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)DRV:64bit: - [2014-03-18 06:13:57 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)DRV:64bit: - [2014-03-18 06:13:39 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)DRV:64bit: - [2014-03-18 06:13:37 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)DRV:64bit: - [2014-03-18 06:13:37 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)DRV:64bit: - [2014-03-18 06:13:37 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)DRV:64bit: - [2014-03-18 06:13:37 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)DRV:64bit: - [2014-03-18 06:13:37 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)DRV:64bit: - [2014-03-18 05:41:42 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)DRV:64bit: - [2014-03-18 05:41:31 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)DRV:64bit: - [2014-03-18 05:41:31 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)DRV:64bit: - [2014-03-18 05:41:31 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)DRV:64bit: - [2014-03-18 05:41:31 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)DRV:64bit: - [2014-03-18 05:41:31 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)DRV:64bit: - [2014-01-29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2013-08-22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)DRV:64bit: - [2013-08-22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2013-08-22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)DRV:64bit: - [2013-08-22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)DRV:64bit: - [2013-08-22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)DRV:64bit: - [2013-08-22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)DRV:64bit: - [2013-08-22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)DRV:64bit: - [2013-08-22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2013-08-22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2013-08-22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)DRV:64bit: - [2013-08-22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2013-08-22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)DRV:64bit: - [2013-08-22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)DRV:64bit: - [2013-08-22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2013-08-22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2013-08-22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)DRV:64bit: - [2013-08-22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2013-08-22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)DRV:64bit: - [2013-08-22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)DRV:64bit: - [2013-08-22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2013-08-22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)DRV:64bit: - [2013-08-22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)DRV:64bit: - [2013-08-22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2013-08-22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)DRV:64bit: - [2013-08-22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)DRV:64bit: - [2013-08-22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)DRV:64bit: - [2013-08-22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)DRV:64bit: - [2013-08-22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)DRV:64bit: - [2013-08-22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)DRV:64bit: - [2013-08-22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)DRV:64bit: - [2013-08-22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)DRV:64bit: - [2013-08-22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)DRV:64bit: - [2013-08-22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)DRV:64bit: - [2013-08-22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)DRV:64bit: - [2013-08-22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)DRV:64bit: - [2013-08-22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)DRV:64bit: - [2013-08-22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)DRV:64bit: - [2013-08-22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)DRV:64bit: - [2013-08-22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)DRV:64bit: - [2013-08-22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)DRV:64bit: - [2013-08-22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2013-08-22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)DRV:64bit: - [2013-08-22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2013-08-22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)DRV:64bit: - [2013-08-22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)DRV:64bit: - [2013-08-22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)DRV:64bit: - [2013-08-22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)DRV:64bit: - [2013-08-22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)DRV:64bit: - [2013-08-22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)DRV:64bit: - [2013-08-22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)DRV:64bit: - [2013-08-12 19:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)DRV:64bit: - [2013-08-09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)DRV:64bit: - [2013-07-30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)DRV:64bit: - [2013-07-25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)DRV:64bit: - [2013-07-25 15:05:37 | 002,607,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)DRV:64bit: - [2013-06-18 10:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)DRV:64bit: - [2012-08-21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2011-12-01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)DRV:64bit: - [2011-12-01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)DRV:64bit: - [2011-01-15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)DRV:64bit: - [2011-01-12 04:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2010-11-04 03:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)DRV:64bit: - [2010-10-19 18:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)DRV:64bit: - [2010-10-19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2010-10-14 11:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2010-05-06 22:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)DRV:64bit: - [2010-03-19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)DRV:64bit: - [2009-12-30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)DRV:64bit: - [2009-11-19 08:45:08 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2006-11-01 06:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)DRV:64bit: - [2006-11-01 06:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://solutions.ca.fujitsu.comIE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.comIE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not foundIE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - No CLSID value foundIE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{2B334F88-589D-40EF-B350-59F74987C670}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CDS2&o=41648335&src=kw&q={searchTerms}&locale=&apn_ptnrs=9G&apn_dtid=YYYYYYYYCA&apn_uid=513453A9-4702-4088-AE67-C311856227DE&apn_sauid=609C4D62-D7E1-4C96-A32F-329F158C5245IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{58427BD9-BA45-4253-A902-2B090BA7BF59}: "URL" = http://www.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110731,17127,0,18,0IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJN_frCA439IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not foundFF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Charlotte\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Charlotte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2015-03-22 15:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2012-02-16 21:48:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} ========== Chrome ========== CHR - default_search_provider: (Enabled)CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Error reading preferences fileCHR - Extension: No name found = C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfgjjmgfobfmaldmhdjobkjpnbcjbcmd\1.1\CHR - Extension: No name found = C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.21_0\CHR - Extension: No name found = C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\CHR - Extension: No name found = C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\ O1 HOSTS File: ([2013-08-22 09:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not foundO2 - BHO: (4Loot Toolbar BHO) - {D990D1E0-38E7-4E3C-943B-231D1D228497} - C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll File not foundO2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3 - HKLM\..\Toolbar: (4Loot Toolbar) - {03A17412-05A4-4F78-91B9-9907C460DC2B} - C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll File not foundO3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not foundO3 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\Toolbar\WebBrowser: (4Loot Toolbar) - {03A17412-05A4-4F78-91B9-9907C460DC2B} - C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll File not foundO3 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not foundO4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)O4:64bit: - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)O4 - HKLM..\Run: [EasyDownloads] C:\Program Files (x86)\Easy downloads\easydownloads.exe (http://izloader.com/) O4 - HKLM..\Run: [indicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)O4 - HKLM..\Run: [updatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)O4 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000..\Run: [Akamai NetSession Interface] "C:\Users\Charlotte\AppData\Local\Akamai\netsession_win.exe" File not foundO4 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000..\Run: [DrvUpdater] C:\Users\Charlotte\AppData\Roaming\DRPSu\DrvUpdater.exe File not foundO4 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000..\Run: [Facebook Update] C:\Users\Charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat.lnk = C:\Users\Charlotte\AppData\Roaming\ACRV1.exe ()O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 File not foundO8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not foundO8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not foundO8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not foundO8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not foundO9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..Trusted Domains: aeriagames.com ([]http in Trusted sites)O15 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..Trusted Domains: aeriagames.com ([]https in Trusted sites)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab(Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab(Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab(Java Plug-in 10.7.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab(Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A55D9F19-96A0-47EA-A4B1-D6B37520D5B1}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6BBD6B3-64F8-434D-9C47-0163038DFC59}: DhcpNameServer = 10.141.1.10 10.141.129.10O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not foundO18 - Protocol\Handler\ms-help - No CLSID value foundO18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)O30 - LSA: Security Packages - (livessp) - File not foundO32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2015-03-22 19:23:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Charlotte\Desktop\OTL (1).exe[2015-03-22 18:23:58 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\dclogs[2015-03-22 17:21:27 | 000,000,000 | ---D | C] -- C:\FRST[2015-03-22 17:21:10 | 002,095,616 | ---- | C] (Farbar) -- C:\Users\Charlotte\Desktop\FRST64.exe[2015-03-22 16:46:03 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{4C0CC93A-BCA8-46B7-982B-B3D5774D81E0}[2015-03-22 16:16:03 | 000,000,000 | ---D | C] -- C:\Spacekace[2015-03-22 16:01:27 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{36E5386F-7EDF-4DFC-9883-0417C2E9BEFD}[2015-03-22 10:07:23 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys[2015-03-22 10:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware[2015-03-22 10:02:49 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys[2015-03-22 10:02:49 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys[2015-03-22 10:02:49 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys[2015-03-22 10:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware[2015-03-22 09:59:59 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\VS Revo Group[2015-03-22 09:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro[2015-03-22 09:59:49 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\WINDOWS\SysNative\drivers\revoflt.sys[2015-03-22 09:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group[2015-03-22 09:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group[2015-03-22 09:53:39 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{D4788AFF-F818-42A2-9A63-C2A2E9ABE8D0}[2015-03-21 16:01:28 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{E38614A0-2A63-433F-9B1A-791B0B0CD5AA}[2015-03-21 12:01:41 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{0C7AC0C5-938C-4297-8277-6579693C8A41}[2015-03-20 11:40:11 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{5EE42A7C-84EE-4797-9EFE-D1A8DAC6F16E}[2015-03-16 23:17:28 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{BCCEBE1B-627C-4550-8185-B2C70C1436C7}[2015-03-16 08:50:54 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{03DA7C2C-E4CF-4527-9043-2F52EB057F9C}[2015-03-15 23:29:30 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{CA8F3491-928C-4C6F-A87A-63B29B70765C}[2015-03-15 10:33:45 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{A296C1F2-89BF-495D-9000-F4D0884D8B99}[2015-03-14 13:06:53 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{5349B5F0-7A7F-4E58-9026-EA2B45BB8635}[2015-03-12 23:39:46 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{F89052E2-71C5-40DB-9F6D-495BFC010F6E}[2015-03-12 07:36:49 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{D1ADA497-8A28-4BF5-A6E2-BDBA7B4FE890}[2015-03-11 19:13:35 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{80BC805D-4411-4D40-8992-EF0A3269B71B}[2015-03-11 08:39:46 | 000,723,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SHCore.dll[2015-03-11 08:39:46 | 000,560,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SHCore.dll[2015-03-11 08:39:39 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll[2015-03-11 08:39:38 | 000,301,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll[2015-03-11 08:39:38 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontsub.dll[2015-03-11 08:39:38 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontsub.dll[2015-03-11 08:39:38 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll[2015-03-11 08:39:38 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll[2015-03-11 08:39:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dciman32.dll[2015-03-11 08:39:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lpk.dll[2015-03-11 08:39:36 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\photowiz.dll[2015-03-11 08:39:36 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\photowiz.dll[2015-03-11 08:39:25 | 001,091,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll[2015-03-11 08:39:25 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll[2015-03-11 08:39:24 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pmcsnap.dll[2015-03-11 08:39:24 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiobj.dll[2015-03-11 08:39:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiobj.dll[2015-03-11 08:39:24 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DafPrintProvider.dll[2015-03-11 08:39:24 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DafPrintProvider.dll[2015-03-11 08:39:23 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\compstui.dll[2015-03-11 08:39:23 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\compstui.dll[2015-03-11 08:39:23 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ppcsnap.dll[2015-03-11 08:39:23 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\prnntfy.dll[2015-03-11 08:39:23 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\prnntfy.dll[2015-03-11 08:39:23 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiapi.dll[2015-03-11 08:39:23 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiapi.dll[2015-03-11 08:39:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\findnetprinters.dll[2015-03-11 08:39:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\findnetprinters.dll[2015-03-11 08:39:22 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\printui.exe[2015-03-11 08:39:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\printui.exe[2015-03-11 08:39:18 | 003,097,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll[2015-03-11 08:39:17 | 002,484,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll[2015-03-11 08:39:16 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\calc.exe[2015-03-11 08:39:16 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\calc.exe[2015-03-11 08:39:12 | 000,264,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys[2015-03-11 08:39:12 | 000,044,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys[2015-03-11 08:39:11 | 000,114,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdNisDrv.sys[2015-03-11 08:39:10 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winshfhc.dll[2015-03-11 08:39:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winshfhc.dll[2015-03-11 08:38:30 | 003,547,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll[2015-03-11 08:38:30 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpudd.dll[2015-03-11 08:38:30 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rfxvmt.dll[2015-03-11 08:38:30 | 000,027,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys[2015-03-11 08:38:27 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll[2015-03-11 08:38:19 | 007,472,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe[2015-03-11 08:38:19 | 001,733,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll[2015-03-11 08:38:19 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StorageContextHandler.dll[2015-03-11 08:38:19 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StorageContextHandler.dll[2015-03-11 08:38:18 | 002,773,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll[2015-03-11 08:38:18 | 002,459,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll[2015-03-11 08:38:17 | 000,971,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll[2015-03-11 08:38:17 | 000,811,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll[2015-03-11 08:38:17 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll[2015-03-11 08:38:17 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll[2015-03-11 08:38:17 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll[2015-03-11 08:38:17 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll[2015-03-11 08:38:17 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSCollect.exe[2015-03-11 08:38:17 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSReset.exe[2015-03-11 08:38:16 | 002,257,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll[2015-03-11 08:38:16 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll[2015-03-11 08:38:15 | 004,298,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DCompiler_47.dll[2015-03-11 08:38:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\atlthunk.dll[2015-03-11 08:38:15 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\atlthunk.dll[2015-03-11 08:38:14 | 003,551,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_47.dll[2015-03-11 08:38:14 | 001,488,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfc42u.dll[2015-03-11 08:38:14 | 001,464,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfc42.dll[2015-03-11 08:38:14 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfc42u.dll[2015-03-11 08:38:14 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfc42.dll[2015-03-11 08:38:12 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappcfg.dll[2015-03-11 08:38:12 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapphost.dll[2015-03-11 08:38:12 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapp3hst.dll[2015-03-11 08:38:12 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappcfg.dll[2015-03-11 08:38:12 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapphost.dll[2015-03-11 08:38:12 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapp3hst.dll[2015-03-11 08:38:12 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappgnui.dll[2015-03-11 08:38:12 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappgnui.dll[2015-03-11 08:38:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappprxy.dll[2015-03-11 08:38:12 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappprxy.dll[2015-03-11 08:38:05 | 006,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll[2015-03-11 08:37:56 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl[2015-03-11 08:37:56 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll[2015-03-11 08:37:56 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll[2015-03-11 08:37:55 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll[2015-03-11 08:37:55 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl[2015-03-11 08:37:55 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll[2015-03-11 08:37:55 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll[2015-03-11 08:37:55 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll[2015-03-11 08:37:55 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll[2015-03-11 08:37:55 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll[2015-03-11 08:37:55 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll[2015-03-11 08:37:55 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll[2015-03-11 08:37:55 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll[2015-03-11 08:37:55 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll[2015-03-11 08:37:54 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll[2015-03-11 08:37:54 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll[2015-03-11 08:37:54 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll[2015-03-11 08:37:50 | 001,763,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll[2015-03-11 08:37:50 | 000,046,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockScreenContentServer.exe[2015-03-11 08:37:43 | 002,501,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe[2015-03-11 08:37:43 | 002,207,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe[2015-03-11 08:37:43 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll[2015-03-11 08:37:43 | 000,791,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll[2015-03-11 08:37:43 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll[2015-03-11 08:37:43 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll[2015-03-11 08:37:42 | 001,384,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll[2015-03-11 08:31:37 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{1E43BB38-4BC5-4B62-BB59-AF829C0CC198}[2015-03-09 09:20:16 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{213CEF8B-ABEC-4A02-AADD-C10ED62F37A6}[2015-03-08 09:22:03 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{645270A2-0EB3-4E4D-8527-1D92CF9923CE}[2015-02-26 18:59:49 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{1A8B6889-A6A1-4C4D-B366-FECA49B2F745}[2015-02-25 08:52:08 | 001,200,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll[2015-02-25 08:52:07 | 000,868,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll[2015-02-25 08:52:06 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GlobCollationHost.dll[2015-02-25 08:52:05 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GlobCollationHost.dll[2015-02-23 23:21:20 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{AF7950B7-7748-44B8-BB53-836BEE64C8DC}[2015-02-22 14:01:08 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{92191E1F-1CC4-47E7-890A-D2703C75EC31}[2015-02-21 23:23:20 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{4A625FE4-7B44-4325-AF0D-CD7882E201DF}[2015-02-21 11:15:29 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{8B09AD81-E709-4FB6-93F6-E7BE4AB4A5C8}[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2015-03-22 19:25:15 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys[2015-03-22 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Desktop\OTL (1).exe[2015-03-22 19:16:44 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2015-03-22 19:16:44 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2015-03-22 19:14:34 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-575980163-2068655675-1454019340-1000UA.job[2015-03-22 18:44:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job[2015-03-22 18:23:31 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2015-03-22 18:22:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\DriverToolkit Autorun.job[2015-03-22 18:21:26 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys[2015-03-22 18:21:19 | 3152,502,784 | -HS- | M] () -- C:\hiberfil.sys[2015-03-22 18:18:01 | 020,316,760 | ---- | M] () -- C:\Users\Charlotte\Desktop\RogueKillerX64.exe[2015-03-22 17:21:04 | 002,095,616 | ---- | M] (Farbar) -- C:\Users\Charlotte\Desktop\FRST64.exe[2015-03-22 16:29:57 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin[2015-03-22 10:03:03 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2015-03-22 09:29:02 | 000,000,093 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\WB.CFG[2015-03-21 22:14:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-575980163-2068655675-1454019340-1000Core.job[2015-03-19 22:17:48 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2015-03-19 17:00:44 | 002,107,562 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI[2015-03-19 17:00:44 | 000,920,524 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00C.dat[2015-03-19 17:00:44 | 000,816,048 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat[2015-03-19 17:00:44 | 000,202,238 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00C.dat[2015-03-19 17:00:44 | 000,169,052 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat[2015-03-17 08:16:11 | 000,000,847 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat.lnk[2015-03-17 06:15:40 | 000,064,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys[2015-03-17 06:15:28 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys[2015-03-17 06:15:24 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys[2015-03-16 08:07:21 | 001,987,585 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\ACRV1.exe[2015-03-15 11:34:06 | 000,001,250 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\~windump.bat[2015-03-14 13:56:10 | 000,001,362 | ---- | M] () -- C:\Users\Public\Desktop\Les Sims 4.lnk[2015-03-12 07:07:21 | 000,518,008 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT[2015-03-11 08:31:25 | 000,001,201 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk[2015-03-11 08:31:19 | 000,001,083 | ---- | M] () -- C:\Users\Charlotte\Desktop\Dropbox.lnk[2015-03-04 17:24:42 | 000,792,032 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe[2015-03-04 17:24:42 | 000,178,144 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl[2015-02-20 20:27:45 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll[2015-02-20 19:58:53 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2015-03-22 18:18:05 | 020,316,760 | ---- | C] () -- C:\Users\Charlotte\Desktop\RogueKillerX64.exe[2015-03-22 15:55:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin[2015-03-22 10:03:03 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2015-03-16 08:07:23 | 000,000,847 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat.lnk[2015-03-16 08:07:20 | 001,987,585 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\ACRV1.exe[2015-03-15 11:34:06 | 000,001,250 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\~windump.bat[2015-03-11 08:38:33 | 000,396,419 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml[2015-01-09 21:29:03 | 000,000,093 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\WB.CFG[2014-07-02 19:50:47 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\CmdLineExt03.dll[2014-07-01 19:46:03 | 000,021,840 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntfNT.dll[2014-07-01 19:46:03 | 000,017,212 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf32.dll[2014-07-01 19:46:03 | 000,012,067 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf16.dll[2014-04-18 08:57:20 | 002,039,104 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI[2014-03-18 06:14:16 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini[2014-03-18 06:13:41 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll[2014-01-29 23:02:42 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin[2014-01-29 23:02:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll[2014-01-29 23:02:20 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin[2013-11-05 22:03:21 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SysWow64\BD2170W.DAT[2013-08-22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat[2013-08-22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT[2013-08-22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2013-08-22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin[2013-08-21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll[2013-08-21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll[2013-08-21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat[2013-06-03 22:46:43 | 000,007,654 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\Resmon.ResmonCfg[2013-06-03 22:40:02 | 000,076,924 | ---- | C] () -- C:\ProgramData\1370313573.bdinstall.bin[2013-06-03 22:39:33 | 000,022,725 | ---- | C] () -- C:\ProgramData\1370313570.bdinstall.bin[2013-06-03 22:29:19 | 000,180,459 | ---- | C] () -- C:\ProgramData\1370312308.bdinstall.bin[2013-06-03 22:28:27 | 000,134,934 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\ars.cache[2013-06-03 22:11:19 | 000,000,036 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\housecall.guid.cache[2013-04-26 06:59:58 | 000,000,001 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\socialextraschrome.dat[2013-04-21 20:45:25 | 000,000,441 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI[2013-04-21 20:45:25 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SysWow64\BD2140.DAT[2012-06-16 10:04:34 | 000,005,632 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011-12-07 18:38:31 | 000,000,008 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\DofusAppId0_1[2011-12-04 16:20:13 | 000,000,129 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\D2Info0[2011-12-04 16:20:13 | 000,000,008 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\DofusAppId0_2[2011-08-21 19:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\chrtmp ========== ZeroAccess Check ========== [2014-08-13 12:05:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2015-02-12 13:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2015-02-12 13:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011-12-04 16:20:15 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\app[2014-10-26 22:19:36 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Audacity[2011-08-19 23:48:53 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Babylon[2015-03-22 18:24:16 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\dclogs[2015-03-22 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Dropbox[2014-05-14 19:33:35 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\InfraRecorder[2013-04-11 19:09:58 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\JRT Studio[2014-12-25 15:38:07 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mael[2013-01-24 22:14:44 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\MakeMusic[2014-12-22 13:53:51 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Origin[2012-12-10 07:58:00 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PerformerSoft[2011-07-23 15:28:11 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PhotoFiltre[2014-11-29 16:13:13 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PhotoFiltre 7[2013-06-03 22:18:59 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\QuickScan[2014-05-04 20:55:53 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\REAPER[2011-12-04 16:20:15 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1[2013-09-29 22:04:10 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\SimpleFiles[2011-12-04 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\SoftGrid Client[2014-01-14 00:31:42 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Unity[2011-07-13 19:40:12 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Windows Live Writer[2011-07-07 19:33:07 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\SoftGrid Client[2011-07-07 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\TP ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 220 bytes -> C:\Users\Charlotte\OneDrive:ms-properties < End of report >
  5. dontchaae
    I re-did a scan with malwarebytes, because in the last ones the problematic files were absent, so there you go: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 2015-03-22Scan Time: 17:58:14Logfile: Administrator: Yes Version: 2.01.4.1018Malware Database: v2015.03.22.06Rootkit Database: v2015.02.25.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: Charlotte Scan Type: Custom ScanResult: CancelledObjects Scanned: 411700Time Elapsed: 9 min, 37 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 1Malware.Trace, HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\DC3_FEXEC, Quarantined, [4a44a2a6a3e71c1ac0672f7734d0ce32], Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 1Stolen.Data, C:\Users\Charlotte\AppData\Roaming\dclogs, Quarantined, [c4ca0f396822290d447fb123b45033cd], Files: 2Stolen.Data, C:\Users\Charlotte\AppData\Roaming\dclogs\2015-03-22-1.dc, Quarantined, [c4ca0f396822290d447fb123b45033cd], Stolen.Data, C:\Users\Charlotte\AppData\Roaming\dclogs\desktop.ini, Quarantined, [c4ca0f396822290d447fb123b45033cd], Physical Sectors: 0(No malicious items detected) (end) This is the Addition.txt file in its whole, I didn't modify it: dditional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015Ran by Charlotte at 2015-03-22 17:24:43Running from C:\Users\Charlotte\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) This is the virus total scan result: CopyrightCopyright © 2014Product PatchOriginal name patch.exeInternal name patch.exeFile version 1.0.0.5Description patch PE header basic informationTarget machine Intel 386 or later processors and compatible processorsCompilation timestamp 2015-02-08 20:12:52Entry Point 0x001CD45ENumber of sections 4 PE sectionsName Virtual address Virtual size Raw size Entropy MD5.text 8192 1881188 1881600 7.33 8babe58287932e22084c9b73a05212a3.sdata 1892352 312 512 1.77 466b31c3a5dc7cb69b70ae0326ae3805.rsrc 1900544 103848 103936 4.36 fc3a80205c9c6bdf04e02e9bdd981b72.reloc 2007040 12 512 0.10 e8962f6482908ef00e263f29eb203992 PE imports[+] mscoree.dll Number of PE resources by typeRT_ICON 5RT_MANIFEST 1RT_VERSION 1RT_GROUP_ICON 1 Number of PE resources by languageNEUTRAL 8 ExifTool file metadataSubsystemVersion4.0LinkerVersion11.0ImageVersion0.0FileSubtype0FileVersionNumber1.0.0.5UninitializedDataSize0LanguageCodeNeutralFileFlagsMask0x003fCharacterSetUnicodeInitializedDataSize104960FileOSWin32MIMETypeapplication/octet-streamLegalCopyrightCopyright 2014FileVersion1.0.0.5TimeStamp2015:02:08 21:12:52+01:00FileTypeWin32 EXEPETypePE32InternalNamepatch.exeProductVersion1.0.0.5FileDescriptionpatchOSVersion4.0OriginalFilenamepatch.exeSubsystemWindows GUIMachineTypeIntel 386 or later, and compatiblesCodeSize1881600ProductNamePatchProductVersionNumber1.0.0.5EntryPoint0x1cd45eObjectFileTypeExecutable applicationAssemblyVersion1.0.0.5
  6. dontchaae
    Here is the Malwarebytes scan log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 2015-03-22 Scan Time: 15:43:15 Logfile: Administrator: Yes Version: 2.01.4.1018 Malware Database: v2015.03.22.06 Rootkit Database: v2015.02.25.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Charlotte Scan Type: Custom Scan Result: Cancelled Objects Scanned: 228060 Time Elapsed: 1 hr, 19 min, 53 sec Memory: Disabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 1 PUP.Optional.Babylon.A, HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [f39b4efa068464d24b1d3beba55e23dd], Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 PUP.Optional.OpenCandy, C:\Program Files (x86)\FrostWire 5\OCSetupHlp.dll, Quarantined, [622c58f0820852e4234d4ecb18ee7c84], Physical Sectors: 0 (No malicious items detected) (end) And here is the Farbar scan log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Charlotte (administrator) on CHARLOTTE-PC on 22-03-2015 17:31:03 Running from C:\Users\Charlotte\Desktop Loaded Profiles: Charlotte (Available profiles: Charlotte & Jeff & DefaultAppPool) Platform: Windows 8.1 Pro (X64) OS Language: Français (France) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (Dropbox, Inc.) C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-09] (Realtek Semiconductor) HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-25] (FUJITSU LIMITED) HKLM\...\Run: [FJUPDNV_Chitose] => C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe [157184 2010-01-12] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [21616 2010-07-09] (FUJITSU LIMITED) HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED) HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [162416 2010-07-16] (FUJITSU LIMITED) HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [200552 2011-01-12] (FUJITSU LIMITED) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-12-08] (cyberlink) HKLM-x32\...\Run: [EasyDownloads] => C:\Program Files (x86)\Easy downloads\easydownloads.exe [854040 2011-10-20] (http://izloader.com/) HKLM-x32\...\Run: [indicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED) HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [updatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-03-05] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [228448 2011-03-05] (CyberLink Corp.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.) Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-575980163-2068655675-1454019340-1000\...\Run: [Facebook Update] => C:\Users\Charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-21] (Facebook Inc.) HKU\S-1-5-21-575980163-2068655675-1454019340-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Charlotte\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-575980163-2068655675-1454019340-1000\...\Run: [DrvUpdater] => C:\Users\Charlotte\AppData\Roaming\DRPSu\DrvUpdater.exe HKU\S-1-5-21-575980163-2068655675-1454019340-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [786432 2013-08-22] (Microsoft Corporation) Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat.lnk ShortcutTarget: Acrobat.lnk -> C:\Users\Charlotte\AppData\Roaming\ACRV1.exe () Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-575980163-2068655675-1454019340-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://solutions.ca.fujitsu.com URLSearchHook: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File URLSearchHook: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 - (No Name) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - No File SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> {2B334F88-589D-40EF-B350-59F74987C670} URL = http://websearch.ask.com/redirect?client=ie&tb=CDS2&o=41648335&src=kw&q={searchTerms}&locale=&apn_ptnrs=9G&apn_dtid=YYYYYYYYCA&apn_uid=513453A9-4702-4088-AE67-C311856227DE&apn_sauid=609C4D62-D7E1-4C96-A32F-329F158C5245 SearchScopes: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> {58427BD9-BA45-4253-A902-2B090BA7BF59} URL = http://www.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110731,17127,0,18,0 SearchScopes: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-06] (Oracle Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: CrowdStar Gamebar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File BHO-x32: 4Loot Toolbar BHO -> {D990D1E0-38E7-4E3C-943B-231D1D228497} -> C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll No File BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-06] (Oracle Corporation) Toolbar: HKLM-x32 - 4Loot Toolbar - {03A17412-05A4-4F78-91B9-9907C460DC2B} - C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll No File Toolbar: HKLM-x32 - CrowdStar Gamebar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File Toolbar: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> No Name - {03A17412-05A4-4F78-91B9-9907C460DC2B} - No File Toolbar: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2012-09-06] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-06] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-11-26] (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll No File FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Charlotte\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Charlotte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-11-26] (Pando Networks) FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-10-16] FF HKU\S-1-5-21-575980163-2068655675-1454019340-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: Default -> https://www.google.ca/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8 CHR StartupUrls: Default -> "https://www.facebook.com/","hxxp://www.youtube.com/?gl=FR&hl=fr", "hxxp://www.tumblr.com/" CHR Profile: C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YTBiookMMArk) - C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfgjjmgfobfmaldmhdjobkjpnbcjbcmd [2014-01-05] CHR Extension: (AdBlock) - C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-10] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12] CHR Extension: (Google Wallet) - C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKLM-x32\...\Chrome\Extension: [kolgnaidildmdbfgdnoapjdianbpajne] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx [Not Found] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-04] (CyberLink) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation) R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2014-04-18] (Microsoft Corporation) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-14] (Electronic Arts) R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-17] (FUJITSU LIMITED) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () R2 UpdateNaviInstallService; C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe [14336 2009-09-30] (FUJITSU LIMITED) [File not signed] S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-18] (Microsoft Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-04-18] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [274432 2010-10-19] (Intel Corporation) [File not signed] R3 FUJ02B1; C:\Windows\System32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED) R3 FUJ02E3; C:\Windows\System32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2010-11-04] (Intel Corporation) [File not signed] R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2014-04-18] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation) U3 idsvc; No ImagePath S1 MpKsl145a53ff; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1BFDA7FD-ED32-46F4-80EF-06485EE7D967}\MpKsl145a53ff.sys [X] S3 SNP2UVC; \SystemRoot\system32\DRIVERS\snp2uvc.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-22 17:24 - 2015-03-22 17:24 - 00000760 _____ () C:\Users\Charlotte\Desktop\Addition.txt 2015-03-22 17:22 - 2015-03-22 17:31 - 00023326 _____ () C:\Users\Charlotte\Desktop\FRST.txt 2015-03-22 17:21 - 2015-03-22 17:31 - 00000000 ____D () C:\FRST 2015-03-22 17:21 - 2015-03-22 17:21 - 02095616 _____ (Farbar) C:\Users\Charlotte\Downloads\FRST64.exe 2015-03-22 17:21 - 2015-03-22 17:21 - 02095616 _____ (Farbar) C:\Users\Charlotte\Desktop\FRST64.exe 2015-03-22 16:46 - 2015-03-22 16:46 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{4C0CC93A-BCA8-46B7-982B-B3D5774D81E0} 2015-03-22 16:40 - 2015-03-22 16:40 - 02241760 _____ (www.PCFixKit.com ) C:\Users\Charlotte\Downloads\PCFixKit_Setup.exe 2015-03-22 16:21 - 2015-03-22 16:47 - 00208518 _____ () C:\Users\Charlotte\Desktop\OTL.Txt 2015-03-22 16:16 - 2015-03-22 16:16 - 00000000 ____D () C:\Spacekace 2015-03-22 16:01 - 2015-03-22 16:01 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{36E5386F-7EDF-4DFC-9883-0417C2E9BEFD} 2015-03-22 15:55 - 2015-03-22 16:29 - 00000512 _____ () C:\PhysicalMBR.bin 2015-03-22 15:41 - 2015-03-22 15:41 - 00602112 _____ (OldTimer Tools) C:\Users\Charlotte\Downloads\OTL.exe 2015-03-22 15:41 - 2015-03-22 15:41 - 00602112 _____ (OldTimer Tools) C:\Users\Charlotte\Desktop\OTL.exe 2015-03-22 10:07 - 2015-03-22 17:05 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-03-22 10:03 - 2015-03-22 10:03 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-03-22 10:03 - 2015-03-22 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-03-22 10:02 - 2015-03-22 10:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-03-22 10:02 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-03-22 10:02 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-03-22 10:02 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-03-22 10:01 - 2015-03-22 10:02 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Charlotte\Downloads\mbam-setup-2.1.4.1018 (1).exe 2015-03-22 10:01 - 2015-03-22 10:01 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Charlotte\Downloads\mbam-setup-2.1.4.1018.exe 2015-03-22 09:59 - 2015-03-22 09:59 - 00001093 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2015-03-22 09:59 - 2015-03-22 09:59 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\VS Revo Group 2015-03-22 09:59 - 2015-03-22 09:59 - 00000000 ____D () C:\ProgramData\VS Revo Group 2015-03-22 09:59 - 2015-03-22 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro 2015-03-22 09:59 - 2015-03-22 09:59 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-03-22 09:59 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys 2015-03-22 09:58 - 2015-03-22 09:59 - 10801480 _____ (VS Revo Group ) C:\Users\Charlotte\Downloads\RevoUninProSetup.exe 2015-03-22 09:58 - 2015-03-22 09:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Charlotte\Downloads\revosetup.exe 2015-03-22 09:53 - 2015-03-22 09:53 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{D4788AFF-F818-42A2-9A63-C2A2E9ABE8D0} 2015-03-21 17:53 - 2015-03-21 17:53 - 00347816 _____ (Microsoft Corporation) C:\Users\Charlotte\Downloads\MicrosoftFixit.Devices.Run.exe 2015-03-21 16:01 - 2015-03-21 16:01 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{E38614A0-2A63-433F-9B1A-791B0B0CD5AA} 2015-03-21 12:01 - 2015-03-21 12:01 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{0C7AC0C5-938C-4297-8277-6579693C8A41} 2015-03-20 11:40 - 2015-03-20 11:40 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{5EE42A7C-84EE-4797-9EFE-D1A8DAC6F16E} 2015-03-16 23:17 - 2015-03-16 23:17 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{BCCEBE1B-627C-4550-8185-B2C70C1436C7} 2015-03-16 08:50 - 2015-03-16 08:50 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{03DA7C2C-E4CF-4527-9043-2F52EB057F9C} 2015-03-16 08:07 - 2015-03-16 08:07 - 01987585 _____ () C:\Users\Charlotte\AppData\Roaming\ACRV1.exe 2015-03-15 23:29 - 2015-03-15 23:29 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{CA8F3491-928C-4C6F-A87A-63B29B70765C} 2015-03-15 11:34 - 2015-03-15 11:34 - 00001250 _____ () C:\Users\Charlotte\AppData\Roaming\~windump.bat 2015-03-15 11:10 - 2015-03-15 11:21 - 00000000 ____D () C:\Users\Charlotte\Downloads\The Sims 4 Outdoor-Retreat Incl. Update 8 MULTi2 2015-03-15 11:09 - 2015-03-15 11:09 - 00014343 _____ () C:\Users\Charlotte\Downloads\TheSims4Outdoor-RetreatIncl.Update8MULTi2 - ThePirateBay.TO.torrent 2015-03-15 10:33 - 2015-03-15 10:33 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{A296C1F2-89BF-495D-9000-F4D0884D8B99} 2015-03-14 17:12 - 2015-03-14 17:12 - 17598137 _____ () C:\Users\Charlotte\Downloads\1279314.zip 2015-03-14 17:11 - 2015-03-14 17:11 - 00225535 _____ () C:\Users\Charlotte\Downloads\Flamingo@BrandonTR.zip 2015-03-14 13:06 - 2015-03-14 13:06 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{5349B5F0-7A7F-4E58-9026-EA2B45BB8635} 2015-03-12 23:39 - 2015-03-12 23:39 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{F89052E2-71C5-40DB-9F6D-495BFC010F6E} 2015-03-12 07:36 - 2015-03-12 07:36 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{D1ADA497-8A28-4BF5-A6E2-BDBA7B4FE890} 2015-03-11 19:13 - 2015-03-11 19:13 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{80BC805D-4411-4D40-8992-EF0A3269B71B} 2015-03-11 08:39 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2015-03-11 08:39 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2015-03-11 08:39 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2015-03-11 08:39 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2015-03-11 08:39 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2015-03-11 08:39 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2015-03-11 08:39 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2015-03-11 08:39 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2015-03-11 08:39 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys 2015-03-11 08:39 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2015-03-11 08:39 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2015-03-11 08:39 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 2015-03-11 08:39 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2015-03-11 08:39 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2015-03-11 08:39 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll 2015-03-11 08:39 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll 2015-03-11 08:39 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2015-03-11 08:39 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2015-03-11 08:39 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe 2015-03-11 08:39 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe 2015-03-11 08:39 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2015-03-11 08:39 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2015-03-11 08:39 - 2014-10-28 22:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll 2015-03-11 08:39 - 2014-10-28 22:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2015-03-11 08:39 - 2014-10-28 22:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll 2015-03-11 08:39 - 2014-10-28 22:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe 2015-03-11 08:39 - 2014-10-28 22:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll 2015-03-11 08:39 - 2014-10-28 22:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll 2015-03-11 08:39 - 2014-10-28 22:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll 2015-03-11 08:39 - 2014-10-28 22:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2015-03-11 08:39 - 2014-10-28 22:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll 2015-03-11 08:39 - 2014-10-28 21:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe 2015-03-11 08:39 - 2014-10-28 21:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll 2015-03-11 08:39 - 2014-10-28 21:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2015-03-11 08:39 - 2014-10-28 21:48 - 00825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll 2015-03-11 08:39 - 2014-10-28 21:45 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll 2015-03-11 08:39 - 2014-10-28 21:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll 2015-03-11 08:39 - 2014-10-28 21:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll 2015-03-11 08:39 - 2014-10-28 21:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2015-03-11 08:39 - 2014-10-28 21:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll 2015-03-11 08:39 - 2014-10-28 20:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll 2015-03-11 08:39 - 2014-10-28 20:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll 2015-03-11 08:39 - 2014-10-28 20:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll 2015-03-11 08:39 - 2014-10-28 20:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll 2015-03-11 08:38 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-03-11 08:38 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-03-11 08:38 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-03-11 08:38 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-03-11 08:38 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-03-11 08:38 - 2015-02-06 19:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2015-03-11 08:38 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2015-03-11 08:38 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2015-03-11 08:38 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2015-03-11 08:38 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2015-03-11 08:38 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2015-03-11 08:38 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2015-03-11 08:38 - 2015-01-29 23:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2015-03-11 08:38 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll 2015-03-11 08:38 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll 2015-03-11 08:38 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll 2015-03-11 08:38 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll 2015-03-11 08:38 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll 2015-03-11 08:38 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll 2015-03-11 08:38 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll 2015-03-11 08:38 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll 2015-03-11 08:38 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll 2015-03-11 08:38 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll 2015-03-11 08:38 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll 2015-03-11 08:38 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll 2015-03-11 08:38 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll 2015-03-11 08:38 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-11 08:38 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2015-03-11 08:38 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-03-11 08:38 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2015-03-11 08:38 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2015-03-11 08:38 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-03-11 08:38 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2015-03-11 08:38 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-03-11 08:38 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-03-11 08:38 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll 2015-03-11 08:38 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll 2015-03-11 08:38 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2015-03-11 08:38 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2015-03-11 08:38 - 2014-10-28 23:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys 2015-03-11 08:38 - 2014-10-28 22:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll 2015-03-11 08:38 - 2014-10-28 22:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2015-03-11 08:38 - 2014-10-28 22:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2015-03-11 08:38 - 2014-10-28 21:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll 2015-03-11 08:38 - 2014-10-28 21:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll 2015-03-11 08:38 - 2014-10-28 21:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2015-03-11 08:38 - 2014-10-28 20:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll 2015-03-11 08:38 - 2014-10-28 20:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2015-03-11 08:37 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2015-03-11 08:37 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2015-03-11 08:37 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2015-03-11 08:37 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2015-03-11 08:37 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-03-11 08:37 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-03-11 08:37 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2015-03-11 08:37 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2015-03-11 08:37 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2015-03-11 08:37 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-03-11 08:37 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2015-03-11 08:37 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2015-03-11 08:37 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2015-03-11 08:37 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-03-11 08:37 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2015-03-11 08:37 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2015-03-11 08:37 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2015-03-11 08:37 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2015-03-11 08:37 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2015-03-11 08:37 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2015-03-11 08:37 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-03-11 08:37 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2015-03-11 08:37 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2015-03-11 08:37 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2015-03-11 08:37 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2015-03-11 08:37 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2015-03-11 08:37 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2015-03-11 08:37 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2015-03-11 08:37 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2015-03-11 08:37 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2015-03-11 08:37 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2015-03-11 08:37 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2015-03-11 08:37 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2015-03-11 08:37 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2015-03-11 08:37 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2015-03-11 08:37 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2015-03-11 08:37 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2015-03-11 08:37 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2015-03-11 08:37 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll 2015-03-11 08:37 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll 2015-03-11 08:37 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-03-11 08:37 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-03-11 08:37 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2015-03-11 08:37 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2015-03-11 08:37 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe 2015-03-11 08:31 - 2015-03-11 08:31 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{1E43BB38-4BC5-4B62-BB59-AF829C0CC198} 2015-03-09 09:20 - 2015-03-09 09:20 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{213CEF8B-ABEC-4A02-AADD-C10ED62F37A6} 2015-03-08 09:22 - 2015-03-08 09:22 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{645270A2-0EB3-4E4D-8527-1D92CF9923CE} 2015-02-26 18:59 - 2015-02-26 18:59 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{1A8B6889-A6A1-4C4D-B366-FECA49B2F745} 2015-02-25 08:52 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls 2015-02-25 08:52 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls 2015-02-25 08:52 - 2014-10-28 21:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-02-25 08:52 - 2014-10-28 21:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2015-02-25 08:52 - 2014-10-28 21:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-02-25 08:52 - 2014-10-28 21:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2015-02-23 23:21 - 2015-02-23 23:21 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{AF7950B7-7748-44B8-BB53-836BEE64C8DC} 2015-02-22 14:01 - 2015-02-22 14:01 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{92191E1F-1CC4-47E7-890A-D2703C75EC31} 2015-02-21 23:23 - 2015-02-21 23:23 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{4A625FE4-7B44-4325-AF0D-CD7882E201DF} 2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{8B09AD81-E709-4FB6-93F6-E7BE4AB4A5C8} 2015-02-20 09:55 - 2015-02-20 09:55 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{63792A84-F79D-4F04-8819-C86EE324A427} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-22 17:24 - 2014-04-18 09:07 - 01931759 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-22 17:16 - 2011-07-07 13:54 - 00001102 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-22 17:10 - 2012-12-23 14:17 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-575980163-2068655675-1454019340-1000 2015-03-22 17:06 - 2013-03-17 13:54 - 00000000 ___RD () C:\Users\Charlotte\Dropbox 2015-03-22 17:06 - 2013-03-17 13:52 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Dropbox 2015-03-22 17:05 - 2014-08-14 00:53 - 00000392 _____ () C:\WINDOWS\Tasks\DriverToolkit Autorun.job 2015-03-22 17:05 - 2014-04-18 09:40 - 00000000 ___DO () C:\Users\Charlotte\OneDrive 2015-03-22 17:05 - 2011-07-07 13:54 - 00001098 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-22 17:04 - 2014-06-09 16:33 - 00008135 _____ () C:\WINDOWS\setupact.log 2015-03-22 17:04 - 2014-03-17 21:51 - 00310348 _____ () C:\WINDOWS\PFRO.log 2015-03-22 17:04 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Globalization 2015-03-22 17:04 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-22 17:03 - 2012-09-19 22:39 - 00000000 ____D () C:\Program Files (x86)\FrostWire 5 2015-03-22 17:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-03-22 16:59 - 2012-09-23 14:20 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-22 16:45 - 2012-08-11 02:18 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-03-22 16:14 - 2012-12-13 23:04 - 00000944 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-575980163-2068655675-1454019340-1000UA.job 2015-03-22 15:50 - 2011-08-20 00:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-22 15:50 - 2011-08-14 16:39 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Mozilla 2015-03-22 15:20 - 2014-05-04 15:10 - 00003968 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896} 2015-03-22 15:15 - 2015-01-17 15:20 - 00000000 ____D () C:\Users\Jeff\AppData\Local\ICSharpCode.net 2015-03-22 15:15 - 2015-01-09 20:58 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\ICSharpCode.net 2015-03-22 15:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2015-03-22 15:15 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-03-22 10:59 - 2012-06-20 21:51 - 00000000 ____D () C:\WINDOWS\en 2015-03-22 09:29 - 2015-01-09 21:29 - 00000093 _____ () C:\Users\Charlotte\AppData\Roaming\WB.CFG 2015-03-21 22:14 - 2012-12-13 23:04 - 00000922 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-575980163-2068655675-1454019340-1000Core.job 2015-03-21 13:04 - 2011-07-07 15:52 - 00000000 ____D () C:\Users\Charlotte\Documents\Youcam 2015-03-19 22:17 - 2013-06-03 22:42 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-03-19 17:00 - 2014-03-18 06:06 - 02107562 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-03-19 17:00 - 2014-03-18 05:26 - 00920524 _____ () C:\WINDOWS\system32\perfh00C.dat 2015-03-19 17:00 - 2014-03-18 05:26 - 00202238 _____ () C:\WINDOWS\system32\perfc00C.dat 2015-03-15 11:35 - 2011-07-07 20:41 - 00000000 ____D () C:\ProgramData\Origin 2015-03-14 14:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-03-14 13:56 - 2014-12-06 10:51 - 00001362 _____ () C:\Users\Public\Desktop\Les Sims 4.lnk 2015-03-14 13:56 - 2014-10-06 19:44 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-14 13:51 - 2011-07-07 20:40 - 00000000 ____D () C:\Program Files (x86)\Origin 2015-03-12 08:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-03-12 07:12 - 2012-05-28 16:31 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\vlc 2015-03-12 07:07 - 2013-08-22 10:44 - 00518008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore 2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender 2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2015-03-11 09:31 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-03-11 09:29 - 2011-12-04 20:01 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-03-11 09:22 - 2013-08-08 18:50 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-03-11 09:14 - 2011-07-07 15:07 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-03-11 09:06 - 2009-07-13 22:34 - 00000478 _____ () C:\WINDOWS\win.ini 2015-03-11 08:31 - 2013-03-17 13:54 - 00001083 _____ () C:\Users\Charlotte\Desktop\Dropbox.lnk 2015-03-11 08:31 - 2013-03-17 13:53 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-03-04 17:24 - 2015-01-07 16:42 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-03-04 17:24 - 2015-01-07 16:42 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-03-03 09:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2015-02-24 20:47 - 2014-01-29 22:47 - 00000000 ____D () C:\Users\Charlotte\Documents\Docs ==================== Files in the root of some directories ======= 2015-03-16 08:07 - 2015-03-16 08:07 - 1987585 _____ () C:\Users\Charlotte\AppData\Roaming\ACRV1.exe 2011-08-21 19:52 - 2011-08-21 19:52 - 0000000 _____ () C:\Users\Charlotte\AppData\Roaming\chrtmp 2011-12-04 16:20 - 2013-03-31 21:49 - 0000129 _____ () C:\Users\Charlotte\AppData\Roaming\D2Info0 2011-12-07 18:38 - 2013-03-31 22:24 - 0000008 _____ () C:\Users\Charlotte\AppData\Roaming\DofusAppId0_1 2011-12-04 16:20 - 2013-03-03 22:11 - 0000008 _____ () C:\Users\Charlotte\AppData\Roaming\DofusAppId0_2 2015-01-09 21:29 - 2015-03-22 09:29 - 0000093 _____ () C:\Users\Charlotte\AppData\Roaming\WB.CFG 2015-03-15 11:34 - 2015-03-15 11:34 - 0001250 _____ () C:\Users\Charlotte\AppData\Roaming\~windump.bat 2013-06-03 22:28 - 2013-06-03 22:28 - 0134934 _____ () C:\Users\Charlotte\AppData\Local\ars.cache 2012-06-16 10:04 - 2013-01-09 20:08 - 0005632 _____ () C:\Users\Charlotte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-06-03 22:11 - 2013-06-03 22:11 - 0000036 _____ () C:\Users\Charlotte\AppData\Local\housecall.guid.cache 2011-07-07 13:57 - 2011-07-07 13:58 - 0032899 _____ () C:\Users\Charlotte\AppData\Local\IWDAudHelper.20110707.135742.txt 2011-07-07 13:57 - 2011-07-07 13:57 - 0000661 _____ () C:\Users\Charlotte\AppData\Local\PDLSetup.20110707.135727.txt 2011-07-07 13:57 - 2011-07-07 13:57 - 0001578 _____ () C:\Users\Charlotte\AppData\Local\PDLSetup.20110707.135730.txt 2011-07-07 13:57 - 2011-07-07 13:57 - 0001227 _____ () C:\Users\Charlotte\AppData\Local\PDLSetup.20110707.135735.txt 2013-06-03 22:46 - 2013-06-10 12:24 - 0007654 _____ () C:\Users\Charlotte\AppData\Local\Resmon.ResmonCfg 2013-04-26 06:59 - 2013-04-26 06:59 - 0000001 _____ () C:\Users\Charlotte\AppData\Local\socialextraschrome.dat 2013-06-03 22:29 - 2013-06-03 22:29 - 0180459 _____ () C:\ProgramData\1370312308.bdinstall.bin 2013-06-03 22:39 - 2013-06-03 22:39 - 0022725 _____ () C:\ProgramData\1370313570.bdinstall.bin 2013-06-03 22:40 - 2013-06-03 22:40 - 0076924 _____ () C:\ProgramData\1370313573.bdinstall.bin Some content of TEMP: ==================== C:\Users\Charlotte\AppData\Local\Temp\CloudBackup8805.exe C:\Users\Charlotte\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsbyl06.dll C:\Users\Charlotte\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-22 11:10 ==================== End Of Log ============================ Here is the Additions scan log: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015 Ran by Charlotte at 2015-03-22 17:24:43 Running from C:\Users\Charlotte\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
  7. dontchaae
    Hello, I've recently started to have bugs with my keyboard. When I want to type an accent (I'm French) or any special character with a letter, it doesn't work. I won't get too into the details of how it doesn't work, it's not relevant to my topic. Anyway, I scanned my computer multiple times today with malwarebytes and even if I delete all the "bad" files, they keep creating themselves when I restart the computer. I know this virus steals my personal information, and I obviously don't want that. It wouldn't be so bad if it didn't keep messing up my keyboard, too. Can somebody help me?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.