dontchaae
-
Posts
7 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by dontchaae
-
-
Here is the scan from Jotti's site:
2015-03-22 Gen:Variant.Kazy.5645772015-03-22 Found nothing2015-03-21 Found nothing2015-03-22 Found nothing
2015-03-22 Gen:Variant.Kazy.564577
2015-03-22 Gen:Variant.Kazy.564577
2015-03-22 Win32:GenMaliciousA-BRD
2015-03-22 Gen:Variant.Kazy.5645772015-03-22 Found nothing2015-03-22 Found nothing
2015-03-22 TR/Fynloski.A.13402015-03-22 Found nothing
2015-03-22 Gen:Variant.Kazy.5645772015-03-22 Found nothing2015-03-22 Found nothing2015-03-21 Found nothing2015-03-22 Found nothing2015-03-22 Found nothing
2015-03-22 Gen:Variant.Kazy.5645772015-03-21 Found nothing2015-03-22 Found nothing2015-03-22 Found nothing -
Here is the Extras.exe:
OTL Extras logfile created on: 2015-03-22 19:25:12 - Run 3OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Charlotte\Desktop64bit- Professional (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.17690)Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd3,91 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 46,60% Memory free7,91 Gb Paging File | 5,33 Gb Available in Paging File | 67,35% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)Drive C: | 224,78 Gb Total Space | 58,55 Gb Free Space | 26,05% Space Free | Partition Type: NTFSDrive D: | 224,78 Gb Total Space | 117,03 Gb Free Space | 52,06% Space Free | Partition Type: NTFSUnable to calculate disk information.Computer Name: CHARLOTTE-PC | User Name: Charlotte | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation).url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)[HKEY_USERS\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 164bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]"UpgradeTime" = [binary data]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]"UpgradeTime" = Reg Error: Unknown registry data type -- File not found========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0========== Authorized Applications List ==================== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{234F87D1-C966-4A2B-A214-275DBD5EF9DA}" = lport=138 | protocol=17 | dir=in | app=system |"{316ECA6E-B8F3-40DD-8082-A4FE476DCF91}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{474C5555-4434-41EB-A8A3-836323B91735}" = lport=139 | protocol=6 | dir=in | app=system |"{4B9D09D6-E6A3-45C0-A047-F1376DA4523E}" = lport=445 | protocol=6 | dir=in | app=system |"{5EF6FBC8-6AB5-407C-A225-9BBEE18987D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |"{5FE1FD8A-C241-466C-B786-FC01A3CE028C}" = rport=139 | protocol=6 | dir=out | app=system |"{B000DA98-81B5-49E4-AEAB-22EBBA43D435}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |"{B6908543-BEBE-452A-AE86-9BD2C249DADF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |"{C5847BBC-F35C-4D23-90EC-FB3943E72373}" = lport=137 | protocol=17 | dir=in | app=system |"{CC815ABF-460A-4DE7-B0D0-29C63FCB357B}" = rport=137 | protocol=17 | dir=out | app=system |"{D7E7514D-A9CF-442D-9B52-FFB888893DB1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{E97FB4C1-F4A0-4F6B-8005-CBF1A9045220}" = rport=445 | protocol=6 | dir=out | app=system |"{F996A1A6-4B5B-4392-866D-D5E2E196F80E}" = rport=138 | protocol=17 | dir=out | app=system |========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{02CC4086-CEBB-4E76-BD1B-90D631EC208F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\the sims 4\game\bin\ts4.exe |"{037E2A2A-DDFC-4D27-B3AE-BC39F7C4ACDE}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |"{0659EB82-31A8-47B8-BEEF-840573BB8F21}" = dir=out | name=@{microsoft.bingweather_3.0.4.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |"{1CE9B71B-9B57-47D1-8800-880A087DCC9C}" = dir=in | name=juniper networks junos pulse |"{24EED8C5-58A6-4306-A632-AD36E57E0FAF}" = dir=out | name=@{microsoft.bingnews_3.0.4.268_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |"{2713A217-62CF-4820-B554-33E4552948B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |"{31941474-F15F-464C-A580-8FE66BAF1754}" = dir=out | name=xbox one smartglass |"{35705B02-C6EE-4087-BCB5-DDB49CCB5993}" = dir=in | name=onenote |"{36EFBC06-5D93-45DF-8F4D-8834124A8E61}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\the sims 4\game\bin\ts4.exe |"{3C6232AE-B497-4971-B003-D7481A271902}" = dir=out | name=f5 vpn |"{40B1900C-07A0-475F-9CA3-DAABEBE3232A}" = dir=out | name=@{microsoft.bingfinance_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |"{41256807-871B-458D-94B6-E57EE2313C45}" = dir=in | name=sonicwall mobile connect |"{41D6CD9C-F667-4BFD-863E-96196D430DC9}" = dir=out | name=@{microsoft.zunevideo_2.6.434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |"{48F19A0D-BE3E-4195-9D2D-8FCDFF76ED69}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |"{51B3887C-4938-421B-A003-F84B2240F2E3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of mythology\launcher.exe |"{5226F6DB-84C4-4CEC-8C0B-58B01A74DDB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |"{5DF6AF38-B9B0-4290-80AD-13EE5BB791D3}" = dir=out | name=juniper networks junos pulse |"{72774FE9-F789-45FF-87A7-0E095F0A6FF5}" = dir=out | name=sonicwall mobile connect |"{79685DD8-27C7-46EF-ADD2-2B9480CCF44E}" = dir=out | name=check point vpn |"{7A4DF660-BDCB-4575-9FE2-559A079DBAC7}" = dir=in | name=f5 vpn |"{7E44856B-8430-4B40-82AA-81B895A86E3B}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |"{7F942FF7-1DE3-485A-ACDD-A363823BE25E}" = protocol=17 | dir=in | app=c:\users\charlotte\appdata\roaming\bittorrent\bittorrent.exe |"{860090C4-6653-4925-BA50-A57F36A9BC71}" = dir=out | name=@{microsoft.bingtravel_3.0.4.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |"{8F11C5C9-67AC-45E4-8FD4-DB90FFF57DB4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |"{906DB785-3B4B-4102-A28E-3532AC2092C0}" = dir=out | name=@{microsoft.bingnews_3.0.4.255_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |"{91C95DA3-82D1-4C8D-B779-FD5DC9FDE71F}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |"{9389E427-4D2B-41AA-8F93-9101E0973D3C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |"{951F2062-C5DE-4BDC-A4D0-72084D8C439E}" = dir=in | name=check point vpn |"{9C2D8DBB-9811-4510-B1A4-0F5C9D83244E}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |"{A7E6A53C-B333-4318-93BC-FD46646E6AAB}" = dir=in | name=xbox one smartglass |"{A9084CBA-5941-48C8-98C2-FB56765FDDA5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |"{AA9823A1-7288-4907-B168-5451DA22F938}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy iii\ff3_launcher.exe |"{AB0C82D5-E79B-4631-B9BC-A951076B6F25}" = protocol=6 | dir=in | app=c:\users\charlotte\appdata\roaming\bittorrent\bittorrent.exe |"{ABE6B275-274E-46BE-918A-6D5A8D89E9A5}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.254_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |"{AC8D627C-E7DB-46C8-B0CA-B1034CC8BB06}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy iii\ff3_launcher.exe |"{B049EF2E-80BC-43F3-8611-3E4D4D8B6C8D}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |"{B63ED913-BD61-42D1-97CB-C2375F835ECA}" = dir=out | name=@{microsoft.bingweather_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |"{BF4F755F-6B19-4AE5-AB93-C6BBF0DC2076}" = dir=out | name=@{microsoft.bingfinance_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |"{C040CCD6-F242-45F4-8F38-7C5336838AF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of mythology\launcher.exe |"{C3D37E81-BF27-44DD-BA13-F4FC6F54810C}" = dir=out | name=@{microsoft.zunemusic_2.6.653.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |"{CAEC4D26-5A5A-48E0-91E0-28DA3E373069}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |"{CD6842F0-A9A5-46C1-B4BD-35785B5B3426}" = dir=out | name=skype |"{CD960442-93D7-42E7-99C1-EDD4AD0CE8DC}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |"{D8612EC1-EC26-4BB0-96B4-84CB5D34E07F}" = dir=out | name=@{microsoft.bingsports_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |"{DE2B292B-502A-4D05-8109-3278691FFF6F}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |"{E42EADCF-92B4-4EC6-8133-44A836306265}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |"{E7475F57-B067-49E4-9C29-9FA555A8BC26}" = dir=out | name=@{microsoft.bingsports_3.0.4.244_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |"{E8E708F5-5F42-41B0-A6DE-7349A47C085A}" = dir=in | name=skype |"{F49C71D3-9F2E-4D95-B2F5-B2352A656676}" = dir=out | name=onenote |"{F9FDFBB0-5E7C-4FE8-B2B2-8E244473BCD1}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |"TCP Query User{F1485DD5-256B-4184-8E6B-75F9470533A6}C:\users\charlotte\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\charlotte\appdata\roaming\dropbox\bin\dropbox.exe |"UDP Query User{598DAEA5-AD47-4F87-A866-E4A5803F9208}C:\users\charlotte\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\charlotte\appdata\roaming\dropbox\bin\dropbox.exe |========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display"{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}" = Microsoft Antimalware Service FR-FR Language Pack"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030"{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager"{47BC37A3-35C8-484A-8CBD-851914EB095E}" = Fujitsu Driver Update"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{4F90F34B-348A-4F48-8244-5FCAE90C289A}" = Microsoft Camera Codec Pack"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.2"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8D0A0EC6-9A3C-354F-9BFC-A61E96BE1846}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010"{90140000-00BD-040C-1000-0000000FF1CE}" = Langue des info-bulles Microsoft Office 2010 - Français"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{B678797F-DF38-4556-8A31-8B818E261868}" = Apple Mobile Device Support"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client FR-FR Language Pack"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility"{F46AA0F1-E284-4878-A462-5F11B9166C0E}" = iTunes"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - FRA" = Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x64) - FRA"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010"SynTPDeinstKey" = Synaptics Pointing Device Driver[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel® WiDi"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 30"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{2C12184B-F547-455E-8B36-D81ED4E17C46}" = Roxio Creator LJ"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Les Sims™ 3 Showtime"{3DE92282-CB49-434F-81BF-94E5B380E889}" = Les Sims™ 3 Saisons"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Les Sims™ 3 Accès VIP"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live"{48EBEBBF-B9F8-4520-A3CF-89A730721917}" = Les Sims™ 4"{49A588CF-5FD4-4774-BFBF-0764287DE82B}" = Power Saving Utility"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in"{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}" = Anytime USB Charge Utility"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources"{639BE5F5-720F-4290-84FA-1C53568EAAD4}" = TweetDeck"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio Creator LJ"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio Creator LJ"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Les Sims™ 3 Ambitions"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = Les Sims™ 3 En route vers le Futur"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager"{AC76BA86-7AD7-1036-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Français"{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = Les Sims™ 3 Super-pouvoirs"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Les Sims™ 3 Destination Aventure"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Les Sims™ 3"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Les Sims™ 3 Animaux & Cie"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common"{C8A17598-7F89-41EA-9876-0F89DA0B24F1}_is1" = VIO Player version 1.0.1"{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = Les Sims™ 3 Île de Rêve"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Les Sims™ 3 Générations"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = Les Sims™ 3 University"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"Adobe AIR" = Adobe AIR"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI"Audacity_is1" = Audacity 2.0.3"Finale NotePad 2012" = Finale NotePad 2012"Google Chrome" = Google Chrome"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9"InstallShield_{b145ec69-66f5-11d8-9d75-000129760d75}" = CyberLink MakeDisc"InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}" = Fujitsu Hotkey Utility"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility"LAME_is1" = LAME v3.99.3 (for Windows)"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.1.4.1018"Origin" = Origin"Picasa 3" = Picasa 3"Sptnavi" = Sptnavi"Steam" = Steam"Steam App 239120" = FINAL FANTASY III"Steam App 266840" = Age of Mythology: Extended Edition"VLC media player" = VLC media player 2.0.1"WinLiveSuite" = Windows Live"WinRAR archiver" = WinRAR========== HKEY_USERS Uninstall List ==========[HKEY_USERS\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Dropbox" = Dropbox"DRPSu Updater" = DriverPack Solution Updater"PennyBee" = PennyBeeUpdate"PhotoFiltre 7" = PhotoFiltre 7"UnityWebPlayer" = Unity Web Player========== Last 20 Event Log Errors ==========[ Application Events ]Error - 2015-03-20 05:45:30 | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842827Description = La création du contexte d’activation a échoué pour « c:\program files(x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe ». Erreur dans lefichier de manifeste ou de stratégie « c:\program files (x86)\Skype\Toolbars\internetexplorer\SkypeIEPluginBroker.exe » à la ligne 2. Le manifeste ne peut pas contenirplusieurs éléments requestedPrivileges.Error - 2015-03-21 03:47:15 | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842827Description = La création du contexte d’activation a échoué pour « c:\program files(x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe ». Erreur dans lefichier de manifeste ou de stratégie « c:\program files (x86)\Skype\Toolbars\internetexplorer\SkypeIEPluginBroker.exe » à la ligne 2. Le manifeste ne peut pas contenirplusieurs éléments requestedPrivileges.Error - 2015-03-21 03:50:35 | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842827Description = La création du contexte d’activation a échoué pour « c:\program files(x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe ». Erreur dans lefichier de manifeste ou de stratégie « c:\program files (x86)\Skype\Toolbars\internetexplorer\SkypeIEPluginBroker.exe » à la ligne 2. Le manifeste ne peut pas contenirplusieurs éléments requestedPrivileges.Error - 2015-03-22 10:02:09 | Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002Description = Le programme RevoUninProSetup.tmp version 51.1052.0.0 a cessé d’interagiravec Windows et a été fermé. Pour déterminer si des informations supplémentairessont disponibles, consultez l’historique du problème dans le Centre de maintenance.IDde processus : 15d8 Heure de début : 01d064a86c328d86 Heure de fin : 4294967295 Chemind’accès de l’application : C:\Users\CHARLO~1\AppData\Local\Temp\is-U8KIG.tmp\RevoUninProSetup.tmpIDde rapport : 02415a92-d09c-11e4-bee2-5c9ad86037d6 Nom complet du package défaillant :ID de l’application relative au package défaillant :Error - 2015-03-22 11:15:54 | Computer Name = Charlotte-PC | Source = SideBySide | ID = 16842827Description = La création du contexte d’activation a échoué pour « c:\program files(x86)\Skype\Toolbars\internet explorer\SkypeIEPluginBroker.exe ». Erreur dans lefichier de manifeste ou de stratégie « c:\program files (x86)\Skype\Toolbars\internetexplorer\SkypeIEPluginBroker.exe » à la ligne 2. Le manifeste ne peut pas contenirplusieurs éléments requestedPrivileges.Error - 2015-03-22 15:51:09 | Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002Description = Le programme OTL.exe version 3.2.69.0 a cessé d’interagir avec Windowset a été fermé. Pour déterminer si des informations supplémentaires sont disponibles,consultez l’historique du problème dans le Centre de maintenance. ID de processus :568 Heure de début : 01d064d920c7898c Heure de fin : 0 Chemin d’accès de l’application: C:\Users\Charlotte\Desktop\OTL.exe ID de rapport : b5bca14f-d0cc-11e4-bee5-5c9ad86037d6Nomcomplet du package défaillant : ID de l’application relative au package défaillant :Error - 2015-03-22 16:16:32 | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000Description = Nom de l’application défaillante Setup_FileViewPro_[2015] (1).exe,version : 0.0.0.0, horodatage : 0x545f4e7a Nom du module défaillant : System.dll,version : 0.0.0.0, horodatage : 0x545f49d3 Code d’exception : 0xc0000005 Décalaged’erreur : 0x0000296f ID du processus défaillant : 0xcb0 Heure de début de l’applicationdéfaillante : 0x01d064dd0538a3d4 Chemin d’accès de l’application défaillante : C:\Users\Charlotte\Downloads\Setup_FileViewPro_[2015](1).exe Chemin d’accès du module défaillant: C:\Users\CHARLO~1\AppData\Local\Temp\nse5E11.tmp\System.dllIDde rapport : 544ce236-d0d0-11e4-bee5-5c9ad86037d6 Nom complet du package défaillant :ID de l’application relative au package défaillant :Error - 2015-03-22 17:10:00 | Computer Name = Charlotte-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973Description = Échec de l’activation de l’application winstore_cw5n1h2txyewy!Windows.Storeavec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.Error - 2015-03-22 17:24:49 | Computer Name = Charlotte-PC | Source = Application Hang | ID = 1002Description = Le programme FRST64.exe version 11.3.2015.0 a cessé d’interagir avecWindows et a été fermé. Pour déterminer si des informations supplémentaires sontdisponibles, consultez l’historique du problème dans le Centre de maintenance. IDde processus : 6fc Heure de début : 01d064e622f57430 Heure de fin : 4294967295 Chemind’accès de l’application : C:\Users\Charlotte\Desktop\FRST64.exe ID de rapport :dac62ef5-d0d9-11e4-bee6-5c9ad86037d6 Nom complet du package défaillant : ID de l’applicationrelative au package défaillant :Error - 2015-03-22 18:18:06 | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000Description = Nom de l’application défaillante RogueKillerX64.exe, version : 10.5.6.0,horodatage : 0x550dea28 Nom du module défaillant : RogueKillerX64.exe, version :10.5.6.0, horodatage : 0x550dea28 Code d’exception : 0xc0000005 Décalage d’erreur: 0x00000000007e41d0 ID du processus défaillant : 0xbdc Heure de début de l’applicationdéfaillante : 0x01d064ee11e03c6f Chemin d’accès de l’application défaillante : C:\Users\Charlotte\Downloads\RogueKillerX64.exeChemind’accès du module défaillant: C:\Users\Charlotte\Downloads\RogueKillerX64.exe IDde rapport : 5027383a-d0e1-11e4-bee7-5c9ad86037d6 Nom complet du package défaillant :ID de l’application relative au package défaillant :Error - 2015-03-22 18:20:17 | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000Description = Nom de l’application défaillante RogueKillerX64.exe, version : 10.5.6.0,horodatage : 0x550dea28 Nom du module défaillant : RogueKillerX64.exe, version :10.5.6.0, horodatage : 0x550dea28 Code d’exception : 0xc0000005 Décalage d’erreur: 0x00000000007e41d0 ID du processus défaillant : 0x8a4 Heure de début de l’applicationdéfaillante : 0x01d064ee605f8481 Chemin d’accès de l’application défaillante : C:\Users\Charlotte\Desktop\RogueKillerX64.exeChemind’accès du module défaillant: C:\Users\Charlotte\Desktop\RogueKillerX64.exe ID derapport : 9e2185c6-d0e1-11e4-bee7-5c9ad86037d6 Nom complet du package défaillant :ID de l’application relative au package défaillant :Error - 2015-03-22 18:20:24 | Computer Name = Charlotte-PC | Source = Application Error | ID = 1000Description = Nom de l’application défaillante RogueKillerX64.exe, version : 10.5.6.0,horodatage : 0x550dea28 Nom du module défaillant : RogueKillerX64.exe, version :10.5.6.0, horodatage : 0x550dea28 Code d’exception : 0xc0000005 Décalage d’erreur: 0x00000000007e41d0 ID du processus défaillant : 0xad4 Heure de début de l’applicationdéfaillante : 0x01d064ee64b43761 Chemin d’accès de l’application défaillante : C:\Users\Charlotte\Desktop\RogueKillerX64.exeChemind’accès du module défaillant: C:\Users\Charlotte\Desktop\RogueKillerX64.exe ID derapport : a273d650-d0e1-11e4-bee7-5c9ad86037d6 Nom complet du package défaillant :ID de l’application relative au package défaillant :[ Media Center Events ]Error - 2011-08-27 11:41:18 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description =Error - 2011-08-27 11:41:23 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description =Error - 2011-08-27 12:41:34 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description =Error - 2011-08-27 12:41:44 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description =Error - 2011-08-27 13:42:05 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description =Error - 2011-08-27 13:42:31 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description =Error - 2011-09-10 23:31:42 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description =Error - 2011-09-10 23:32:39 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description =Error - 2011-09-30 23:34:34 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description =Error - 2011-09-30 23:35:37 | Computer Name = Charlotte-PC | Source = MCUpdate | ID = 0Description =[ System Events ]Error - 2015-03-22 18:19:27 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description =Error - 2015-03-22 18:19:41 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description =Error - 2015-03-22 18:19:43 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description =Error - 2015-03-22 18:19:48 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description =Error - 2015-03-22 18:19:48 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description =Error - 2015-03-22 18:19:48 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description =Error - 2015-03-22 18:20:17 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description =Error - 2015-03-22 18:20:24 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description =Error - 2015-03-22 18:20:35 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description =Error - 2015-03-22 18:20:35 | Computer Name = Charlotte-PC | Source = DCOM | ID = 10005Description =< End of report > -
Here is the OTL.txt:
OTL logfile created on: 2015-03-22 19:25:12 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Charlotte\Desktop64bit- Professional (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.17690)Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd3,91 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 46,60% Memory free7,91 Gb Paging File | 5,33 Gb Available in Paging File | 67,35% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)Drive C: | 224,78 Gb Total Space | 58,55 Gb Free Space | 26,05% Space Free | Partition Type: NTFSDrive D: | 224,78 Gb Total Space | 117,03 Gb Free Space | 52,06% Space Free | Partition Type: NTFSUnable to calculate disk information.Computer Name: CHARLOTTE-PC | User Name: Charlotte | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2015-03-22 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Desktop\OTL (1).exePRC - [2015-03-17 06:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exePRC - [2015-03-17 06:14:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exePRC - [2015-03-17 06:14:00 | 006,212,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exePRC - [2015-03-14 06:12:39 | 000,809,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exePRC - [2015-03-04 18:27:30 | 042,560,368 | ---- | M] (Dropbox, Inc.) -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exePRC - [2015-02-03 20:11:22 | 000,232,264 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exePRC - [2014-12-19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2014-05-27 00:39:13 | 000,056,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exePRC - [2011-03-05 02:49:24 | 000,228,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCam.exePRC - [2010-12-20 05:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2010-12-20 05:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2010-12-08 23:36:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exePRC - [2010-09-29 21:05:32 | 000,048,752 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exePRC - [2009-07-06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe========== Modules (No Company Name) ==========MOD - [2015-03-22 18:22:53 | 000,043,008 | ---- | M] () -- c:\users\charlo~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpamtqb_.dllMOD - [2015-03-14 06:12:35 | 009,278,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dllMOD - [2015-03-14 06:12:30 | 001,174,856 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dllMOD - [2015-03-14 06:12:28 | 000,080,200 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dllMOD - [2015-03-04 18:08:06 | 000,865,280 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dllMOD - [2015-03-04 18:08:06 | 000,750,080 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\libGLESv2.dllMOD - [2015-03-04 18:08:06 | 000,047,616 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\libEGL.dllMOD - [2015-03-04 18:07:48 | 000,200,704 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dllMOD - [2014-07-31 12:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2014-07-31 12:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2013-09-05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODFMOD - [2010-10-20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll========== Services (SafeList) ==========SRV:64bit: - [2015-02-03 19:58:28 | 000,366,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)SRV:64bit: - [2015-02-03 19:58:28 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)SRV:64bit: - [2014-12-05 21:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)SRV:64bit: - [2014-10-31 00:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)SRV:64bit: - [2014-08-15 23:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)SRV:64bit: - [2014-08-15 20:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)SRV:64bit: - [2014-08-15 20:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)SRV:64bit: - [2014-07-24 03:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)SRV:64bit: - [2014-04-18 03:49:43 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)SRV:64bit: - [2014-04-18 03:49:43 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)SRV:64bit: - [2014-04-18 03:45:07 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)SRV:64bit: - [2014-04-18 03:45:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mqsvc.exe -- (MSMQ)SRV:64bit: - [2014-03-18 06:14:12 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)SRV:64bit: - [2014-03-18 06:14:12 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)SRV:64bit: - [2014-03-18 06:14:03 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)SRV:64bit: - [2014-03-18 06:14:01 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)SRV:64bit: - [2014-03-18 06:14:00 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)SRV:64bit: - [2014-03-18 06:13:56 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)SRV:64bit: - [2014-03-18 05:41:40 | 000,183,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)SRV:64bit: - [2014-03-18 05:41:39 | 000,090,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)SRV:64bit: - [2014-03-14 02:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)SRV:64bit: - [2013-08-22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)SRV:64bit: - [2013-08-22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)SRV:64bit: - [2013-08-22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)SRV:64bit: - [2013-08-22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)SRV:64bit: - [2013-08-22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)SRV:64bit: - [2013-08-22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)SRV:64bit: - [2013-08-22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)SRV:64bit: - [2013-08-22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)SRV:64bit: - [2013-08-22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)SRV:64bit: - [2013-08-22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)SRV:64bit: - [2013-08-22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)SRV:64bit: - [2013-08-22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)SRV:64bit: - [2013-08-22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)SRV:64bit: - [2013-08-22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)SRV:64bit: - [2013-08-22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)SRV:64bit: - [2013-08-22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)SRV:64bit: - [2010-09-22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2010-06-17 18:47:12 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService)SRV:64bit: - [2009-09-30 02:23:00 | 000,014,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe -- (UpdateNaviInstallService)SRV - [2015-03-17 06:14:08 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2015-03-17 06:14:06 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2015-03-14 13:50:54 | 001,910,640 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)SRV - [2015-02-04 14:44:15 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2015-01-23 18:33:44 | 000,834,752 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2014-12-19 09:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2014-08-15 23:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)SRV - [2014-04-18 03:45:11 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)SRV - [2014-04-18 03:45:11 | 000,475,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)SRV - [2014-04-18 03:45:06 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)SRV - [2014-04-18 03:45:04 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)SRV - [2014-03-14 02:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)SRV - [2014-01-29 23:02:44 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)SRV - [2013-10-23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2013-08-21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)SRV - [2013-08-21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)SRV - [2010-12-20 05:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2010-12-20 05:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2010-11-04 12:42:12 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)========== Driver Services (SafeList) ==========DRV:64bit: - [2015-03-22 19:25:15 | 000,136,408 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)DRV:64bit: - [2015-03-17 06:15:40 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)DRV:64bit: - [2015-03-17 06:15:24 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2015-02-03 19:58:33 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)DRV:64bit: - [2015-02-03 19:58:33 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)DRV:64bit: - [2015-02-03 19:58:04 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)DRV:64bit: - [2014-12-11 20:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)DRV:64bit: - [2014-10-28 23:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2014-10-12 22:43:17 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)DRV:64bit: - [2014-10-12 22:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)DRV:64bit: - [2014-10-12 22:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)DRV:64bit: - [2014-08-14 20:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)DRV:64bit: - [2014-07-28 14:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2014-07-24 11:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)DRV:64bit: - [2014-07-24 11:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)DRV:64bit: - [2014-07-24 07:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)DRV:64bit: - [2014-05-01 09:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)DRV:64bit: - [2014-04-18 03:49:46 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)DRV:64bit: - [2014-04-18 03:49:44 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)DRV:64bit: - [2014-04-18 03:49:43 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)DRV:64bit: - [2014-04-18 03:45:10 | 000,173,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mqac.sys -- (MQAC)DRV:64bit: - [2014-03-18 06:14:02 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)DRV:64bit: - [2014-03-18 06:13:57 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)DRV:64bit: - [2014-03-18 06:13:39 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)DRV:64bit: - [2014-03-18 06:13:37 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)DRV:64bit: - [2014-03-18 06:13:37 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)DRV:64bit: - [2014-03-18 06:13:37 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)DRV:64bit: - [2014-03-18 06:13:37 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)DRV:64bit: - [2014-03-18 06:13:37 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)DRV:64bit: - [2014-03-18 05:41:42 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)DRV:64bit: - [2014-03-18 05:41:31 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)DRV:64bit: - [2014-03-18 05:41:31 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)DRV:64bit: - [2014-03-18 05:41:31 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)DRV:64bit: - [2014-03-18 05:41:31 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)DRV:64bit: - [2014-03-18 05:41:31 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)DRV:64bit: - [2014-01-29 23:02:28 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2013-08-22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)DRV:64bit: - [2013-08-22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2013-08-22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)DRV:64bit: - [2013-08-22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)DRV:64bit: - [2013-08-22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)DRV:64bit: - [2013-08-22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)DRV:64bit: - [2013-08-22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)DRV:64bit: - [2013-08-22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2013-08-22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2013-08-22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)DRV:64bit: - [2013-08-22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2013-08-22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)DRV:64bit: - [2013-08-22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)DRV:64bit: - [2013-08-22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2013-08-22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2013-08-22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)DRV:64bit: - [2013-08-22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2013-08-22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)DRV:64bit: - [2013-08-22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)DRV:64bit: - [2013-08-22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2013-08-22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)DRV:64bit: - [2013-08-22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)DRV:64bit: - [2013-08-22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2013-08-22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)DRV:64bit: - [2013-08-22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)DRV:64bit: - [2013-08-22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)DRV:64bit: - [2013-08-22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)DRV:64bit: - [2013-08-22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)DRV:64bit: - [2013-08-22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)DRV:64bit: - [2013-08-22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)DRV:64bit: - [2013-08-22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)DRV:64bit: - [2013-08-22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)DRV:64bit: - [2013-08-22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)DRV:64bit: - [2013-08-22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)DRV:64bit: - [2013-08-22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)DRV:64bit: - [2013-08-22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)DRV:64bit: - [2013-08-22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)DRV:64bit: - [2013-08-22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)DRV:64bit: - [2013-08-22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)DRV:64bit: - [2013-08-22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)DRV:64bit: - [2013-08-22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2013-08-22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)DRV:64bit: - [2013-08-22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2013-08-22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)DRV:64bit: - [2013-08-22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)DRV:64bit: - [2013-08-22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)DRV:64bit: - [2013-08-22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)DRV:64bit: - [2013-08-22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)DRV:64bit: - [2013-08-22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)DRV:64bit: - [2013-08-22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)DRV:64bit: - [2013-08-12 19:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)DRV:64bit: - [2013-08-09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)DRV:64bit: - [2013-07-30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)DRV:64bit: - [2013-07-25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)DRV:64bit: - [2013-07-25 15:05:37 | 002,607,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)DRV:64bit: - [2013-06-18 10:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)DRV:64bit: - [2012-08-21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2011-12-01 11:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)DRV:64bit: - [2011-12-01 11:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)DRV:64bit: - [2011-01-15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)DRV:64bit: - [2011-01-12 04:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2010-11-04 03:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)DRV:64bit: - [2010-10-19 18:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)DRV:64bit: - [2010-10-19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2010-10-14 11:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2010-05-06 22:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)DRV:64bit: - [2010-03-19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)DRV:64bit: - [2009-12-30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)DRV:64bit: - [2009-11-19 08:45:08 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2006-11-01 06:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3)DRV:64bit: - [2006-11-01 06:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://solutions.ca.fujitsu.comIE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.comIE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not foundIE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - No CLSID value foundIE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{2B334F88-589D-40EF-B350-59F74987C670}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=CDS2&o=41648335&src=kw&q={searchTerms}&locale=&apn_ptnrs=9G&apn_dtid=YYYYYYYYCA&apn_uid=513453A9-4702-4088-AE67-C311856227DE&apn_sauid=609C4D62-D7E1-4C96-A32F-329F158C5245IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{58427BD9-BA45-4253-A902-2B090BA7BF59}: "URL" = http://www.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110731,17127,0,18,0IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJN_frCA439IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>========== FireFox ==========FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not foundFF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Charlotte\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Charlotte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not foundFF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi[2015-03-22 15:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2012-02-16 21:48:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}========== Chrome ==========CHR - default_search_provider: (Enabled)CHR - default_search_provider: search_url =CHR - default_search_provider: suggest_url =CHR - plugin: Error reading preferences fileCHR - Extension: No name found = C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfgjjmgfobfmaldmhdjobkjpnbcjbcmd\1.1\CHR - Extension: No name found = C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.21_0\CHR - Extension: No name found = C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\CHR - Extension: No name found = C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\O1 HOSTS File: ([2013-08-22 09:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not foundO2 - BHO: (4Loot Toolbar BHO) - {D990D1E0-38E7-4E3C-943B-231D1D228497} - C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll File not foundO2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3 - HKLM\..\Toolbar: (4Loot Toolbar) - {03A17412-05A4-4F78-91B9-9907C460DC2B} - C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll File not foundO3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not foundO3 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\Toolbar\WebBrowser: (4Loot Toolbar) - {03A17412-05A4-4F78-91B9-9907C460DC2B} - C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll File not foundO3 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not foundO4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)O4:64bit: - HKLM..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe (FUJITSU LIMITED)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)O4:64bit: - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [bDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)O4 - HKLM..\Run: [EasyDownloads] C:\Program Files (x86)\Easy downloads\easydownloads.exe (http://izloader.com/)O4 - HKLM..\Run: [indicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)O4 - HKLM..\Run: [updatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)O4 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000..\Run: [Akamai NetSession Interface] "C:\Users\Charlotte\AppData\Local\Akamai\netsession_win.exe" File not foundO4 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000..\Run: [DrvUpdater] C:\Users\Charlotte\AppData\Roaming\DRPSu\DrvUpdater.exe File not foundO4 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000..\Run: [Facebook Update] C:\Users\Charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat.lnk = C:\Users\Charlotte\AppData\Roaming\ACRV1.exe ()O4 - Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 File not foundO8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not foundO8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not foundO8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not foundO8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not foundO9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..Trusted Domains: aeriagames.com ([]http in Trusted sites)O15 - HKU\S-1-5-21-575980163-2068655675-1454019340-1000\..Trusted Domains: aeriagames.com ([]https in Trusted sites)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab(Reg Error: Value error.)O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab(Java Plug-in 1.6.0_30)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab(Java Plug-in 10.7.2)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab(Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A55D9F19-96A0-47EA-A4B1-D6B37520D5B1}: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6BBD6B3-64F8-434D-9C47-0163038DFC59}: DhcpNameServer = 10.141.1.10 10.141.129.10O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not foundO18 - Protocol\Handler\ms-help - No CLSID value foundO18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)O30 - LSA: Security Packages - (livessp) - File not foundO32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2015-03-22 19:23:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Charlotte\Desktop\OTL (1).exe[2015-03-22 18:23:58 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Roaming\dclogs[2015-03-22 17:21:27 | 000,000,000 | ---D | C] -- C:\FRST[2015-03-22 17:21:10 | 002,095,616 | ---- | C] (Farbar) -- C:\Users\Charlotte\Desktop\FRST64.exe[2015-03-22 16:46:03 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{4C0CC93A-BCA8-46B7-982B-B3D5774D81E0}[2015-03-22 16:16:03 | 000,000,000 | ---D | C] -- C:\Spacekace[2015-03-22 16:01:27 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{36E5386F-7EDF-4DFC-9883-0417C2E9BEFD}[2015-03-22 10:07:23 | 000,136,408 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys[2015-03-22 10:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware[2015-03-22 10:02:49 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys[2015-03-22 10:02:49 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys[2015-03-22 10:02:49 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys[2015-03-22 10:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware[2015-03-22 09:59:59 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\VS Revo Group[2015-03-22 09:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro[2015-03-22 09:59:49 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\WINDOWS\SysNative\drivers\revoflt.sys[2015-03-22 09:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group[2015-03-22 09:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group[2015-03-22 09:53:39 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{D4788AFF-F818-42A2-9A63-C2A2E9ABE8D0}[2015-03-21 16:01:28 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{E38614A0-2A63-433F-9B1A-791B0B0CD5AA}[2015-03-21 12:01:41 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{0C7AC0C5-938C-4297-8277-6579693C8A41}[2015-03-20 11:40:11 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{5EE42A7C-84EE-4797-9EFE-D1A8DAC6F16E}[2015-03-16 23:17:28 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{BCCEBE1B-627C-4550-8185-B2C70C1436C7}[2015-03-16 08:50:54 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{03DA7C2C-E4CF-4527-9043-2F52EB057F9C}[2015-03-15 23:29:30 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{CA8F3491-928C-4C6F-A87A-63B29B70765C}[2015-03-15 10:33:45 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{A296C1F2-89BF-495D-9000-F4D0884D8B99}[2015-03-14 13:06:53 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{5349B5F0-7A7F-4E58-9026-EA2B45BB8635}[2015-03-12 23:39:46 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{F89052E2-71C5-40DB-9F6D-495BFC010F6E}[2015-03-12 07:36:49 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{D1ADA497-8A28-4BF5-A6E2-BDBA7B4FE890}[2015-03-11 19:13:35 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{80BC805D-4411-4D40-8992-EF0A3269B71B}[2015-03-11 08:39:46 | 000,723,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SHCore.dll[2015-03-11 08:39:46 | 000,560,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SHCore.dll[2015-03-11 08:39:39 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll[2015-03-11 08:39:38 | 000,301,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll[2015-03-11 08:39:38 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fontsub.dll[2015-03-11 08:39:38 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\fontsub.dll[2015-03-11 08:39:38 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll[2015-03-11 08:39:38 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll[2015-03-11 08:39:38 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dciman32.dll[2015-03-11 08:39:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lpk.dll[2015-03-11 08:39:36 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\photowiz.dll[2015-03-11 08:39:36 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\photowiz.dll[2015-03-11 08:39:25 | 001,091,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll[2015-03-11 08:39:25 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32spl.dll[2015-03-11 08:39:24 | 000,825,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pmcsnap.dll[2015-03-11 08:39:24 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiobj.dll[2015-03-11 08:39:24 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiobj.dll[2015-03-11 08:39:24 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DafPrintProvider.dll[2015-03-11 08:39:24 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DafPrintProvider.dll[2015-03-11 08:39:23 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\compstui.dll[2015-03-11 08:39:23 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\compstui.dll[2015-03-11 08:39:23 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ppcsnap.dll[2015-03-11 08:39:23 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\prnntfy.dll[2015-03-11 08:39:23 | 000,199,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\prnntfy.dll[2015-03-11 08:39:23 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiapi.dll[2015-03-11 08:39:23 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiapi.dll[2015-03-11 08:39:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\findnetprinters.dll[2015-03-11 08:39:22 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\findnetprinters.dll[2015-03-11 08:39:22 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\printui.exe[2015-03-11 08:39:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\printui.exe[2015-03-11 08:39:18 | 003,097,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll[2015-03-11 08:39:17 | 002,484,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll[2015-03-11 08:39:16 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\calc.exe[2015-03-11 08:39:16 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\calc.exe[2015-03-11 08:39:12 | 000,264,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys[2015-03-11 08:39:12 | 000,044,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys[2015-03-11 08:39:11 | 000,114,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdNisDrv.sys[2015-03-11 08:39:10 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winshfhc.dll[2015-03-11 08:39:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winshfhc.dll[2015-03-11 08:38:30 | 003,547,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll[2015-03-11 08:38:30 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpudd.dll[2015-03-11 08:38:30 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rfxvmt.dll[2015-03-11 08:38:30 | 000,027,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys[2015-03-11 08:38:27 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll[2015-03-11 08:38:19 | 007,472,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe[2015-03-11 08:38:19 | 001,733,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll[2015-03-11 08:38:19 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StorageContextHandler.dll[2015-03-11 08:38:19 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StorageContextHandler.dll[2015-03-11 08:38:18 | 002,773,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll[2015-03-11 08:38:18 | 002,459,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll[2015-03-11 08:38:17 | 000,971,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll[2015-03-11 08:38:17 | 000,811,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll[2015-03-11 08:38:17 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll[2015-03-11 08:38:17 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll[2015-03-11 08:38:17 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll[2015-03-11 08:38:17 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll[2015-03-11 08:38:17 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSCollect.exe[2015-03-11 08:38:17 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSReset.exe[2015-03-11 08:38:16 | 002,257,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll[2015-03-11 08:38:16 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll[2015-03-11 08:38:15 | 004,298,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DCompiler_47.dll[2015-03-11 08:38:15 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\atlthunk.dll[2015-03-11 08:38:15 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\atlthunk.dll[2015-03-11 08:38:14 | 003,551,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_47.dll[2015-03-11 08:38:14 | 001,488,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfc42u.dll[2015-03-11 08:38:14 | 001,464,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfc42.dll[2015-03-11 08:38:14 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfc42u.dll[2015-03-11 08:38:14 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfc42.dll[2015-03-11 08:38:12 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappcfg.dll[2015-03-11 08:38:12 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapphost.dll[2015-03-11 08:38:12 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eapp3hst.dll[2015-03-11 08:38:12 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappcfg.dll[2015-03-11 08:38:12 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapphost.dll[2015-03-11 08:38:12 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eapp3hst.dll[2015-03-11 08:38:12 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappgnui.dll[2015-03-11 08:38:12 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappgnui.dll[2015-03-11 08:38:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eappprxy.dll[2015-03-11 08:38:12 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eappprxy.dll[2015-03-11 08:38:05 | 006,035,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll[2015-03-11 08:37:56 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl[2015-03-11 08:37:56 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll[2015-03-11 08:37:56 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll[2015-03-11 08:37:55 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll[2015-03-11 08:37:55 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl[2015-03-11 08:37:55 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll[2015-03-11 08:37:55 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll[2015-03-11 08:37:55 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll[2015-03-11 08:37:55 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll[2015-03-11 08:37:55 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll[2015-03-11 08:37:55 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll[2015-03-11 08:37:55 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll[2015-03-11 08:37:55 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll[2015-03-11 08:37:55 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll[2015-03-11 08:37:54 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll[2015-03-11 08:37:54 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll[2015-03-11 08:37:54 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll[2015-03-11 08:37:50 | 001,763,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll[2015-03-11 08:37:50 | 000,046,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LockScreenContentServer.exe[2015-03-11 08:37:43 | 002,501,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe[2015-03-11 08:37:43 | 002,207,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe[2015-03-11 08:37:43 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll[2015-03-11 08:37:43 | 000,791,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll[2015-03-11 08:37:43 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WMPhoto.dll[2015-03-11 08:37:43 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WMPhoto.dll[2015-03-11 08:37:42 | 001,384,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll[2015-03-11 08:31:37 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{1E43BB38-4BC5-4B62-BB59-AF829C0CC198}[2015-03-09 09:20:16 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{213CEF8B-ABEC-4A02-AADD-C10ED62F37A6}[2015-03-08 09:22:03 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{645270A2-0EB3-4E4D-8527-1D92CF9923CE}[2015-02-26 18:59:49 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{1A8B6889-A6A1-4C4D-B366-FECA49B2F745}[2015-02-25 08:52:08 | 001,200,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll[2015-02-25 08:52:07 | 000,868,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll[2015-02-25 08:52:06 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GlobCollationHost.dll[2015-02-25 08:52:05 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GlobCollationHost.dll[2015-02-23 23:21:20 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{AF7950B7-7748-44B8-BB53-836BEE64C8DC}[2015-02-22 14:01:08 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{92191E1F-1CC4-47E7-890A-D2703C75EC31}[2015-02-21 23:23:20 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{4A625FE4-7B44-4325-AF0D-CD7882E201DF}[2015-02-21 11:15:29 | 000,000,000 | ---D | C] -- C:\Users\Charlotte\AppData\Local\{8B09AD81-E709-4FB6-93F6-E7BE4AB4A5C8}[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2015-03-22 19:25:15 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys[2015-03-22 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Charlotte\Desktop\OTL (1).exe[2015-03-22 19:16:44 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job[2015-03-22 19:16:44 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job[2015-03-22 19:14:34 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-575980163-2068655675-1454019340-1000UA.job[2015-03-22 18:44:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job[2015-03-22 18:23:31 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2015-03-22 18:22:02 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\DriverToolkit Autorun.job[2015-03-22 18:21:26 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys[2015-03-22 18:21:19 | 3152,502,784 | -HS- | M] () -- C:\hiberfil.sys[2015-03-22 18:18:01 | 020,316,760 | ---- | M] () -- C:\Users\Charlotte\Desktop\RogueKillerX64.exe[2015-03-22 17:21:04 | 002,095,616 | ---- | M] (Farbar) -- C:\Users\Charlotte\Desktop\FRST64.exe[2015-03-22 16:29:57 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin[2015-03-22 10:03:03 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2015-03-22 09:29:02 | 000,000,093 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\WB.CFG[2015-03-21 22:14:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-575980163-2068655675-1454019340-1000Core.job[2015-03-19 22:17:48 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2015-03-19 17:00:44 | 002,107,562 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI[2015-03-19 17:00:44 | 000,920,524 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00C.dat[2015-03-19 17:00:44 | 000,816,048 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat[2015-03-19 17:00:44 | 000,202,238 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00C.dat[2015-03-19 17:00:44 | 000,169,052 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat[2015-03-17 08:16:11 | 000,000,847 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat.lnk[2015-03-17 06:15:40 | 000,064,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mwac.sys[2015-03-17 06:15:28 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbamchameleon.sys[2015-03-17 06:15:24 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys[2015-03-16 08:07:21 | 001,987,585 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\ACRV1.exe[2015-03-15 11:34:06 | 000,001,250 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\~windump.bat[2015-03-14 13:56:10 | 000,001,362 | ---- | M] () -- C:\Users\Public\Desktop\Les Sims 4.lnk[2015-03-12 07:07:21 | 000,518,008 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT[2015-03-11 08:31:25 | 000,001,201 | ---- | M] () -- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk[2015-03-11 08:31:19 | 000,001,083 | ---- | M] () -- C:\Users\Charlotte\Desktop\Dropbox.lnk[2015-03-04 17:24:42 | 000,792,032 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe[2015-03-04 17:24:42 | 000,178,144 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl[2015-02-20 20:27:45 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll[2015-02-20 19:58:53 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]========== Files Created - No Company Name ==========[2015-03-22 18:18:05 | 020,316,760 | ---- | C] () -- C:\Users\Charlotte\Desktop\RogueKillerX64.exe[2015-03-22 15:55:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin[2015-03-22 10:03:03 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2015-03-16 08:07:23 | 000,000,847 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat.lnk[2015-03-16 08:07:20 | 001,987,585 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\ACRV1.exe[2015-03-15 11:34:06 | 000,001,250 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\~windump.bat[2015-03-11 08:38:33 | 000,396,419 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml[2015-01-09 21:29:03 | 000,000,093 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\WB.CFG[2014-07-02 19:50:47 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\CmdLineExt03.dll[2014-07-01 19:46:03 | 000,021,840 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntfNT.dll[2014-07-01 19:46:03 | 000,017,212 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf32.dll[2014-07-01 19:46:03 | 000,012,067 | ---- | C] () -- C:\WINDOWS\SysWow64\SIntf16.dll[2014-04-18 08:57:20 | 002,039,104 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI[2014-03-18 06:14:16 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini[2014-03-18 06:13:41 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll[2014-01-29 23:02:42 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin[2014-01-29 23:02:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll[2014-01-29 23:02:20 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin[2013-11-05 22:03:21 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SysWow64\BD2170W.DAT[2013-08-22 11:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat[2013-08-22 11:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT[2013-08-22 10:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat[2013-08-22 03:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin[2013-08-21 23:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll[2013-08-21 19:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll[2013-08-21 19:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat[2013-06-03 22:46:43 | 000,007,654 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\Resmon.ResmonCfg[2013-06-03 22:40:02 | 000,076,924 | ---- | C] () -- C:\ProgramData\1370313573.bdinstall.bin[2013-06-03 22:39:33 | 000,022,725 | ---- | C] () -- C:\ProgramData\1370313570.bdinstall.bin[2013-06-03 22:29:19 | 000,180,459 | ---- | C] () -- C:\ProgramData\1370312308.bdinstall.bin[2013-06-03 22:28:27 | 000,134,934 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\ars.cache[2013-06-03 22:11:19 | 000,000,036 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\housecall.guid.cache[2013-04-26 06:59:58 | 000,000,001 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\socialextraschrome.dat[2013-04-21 20:45:25 | 000,000,441 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI[2013-04-21 20:45:25 | 000,000,034 | ---- | C] () -- C:\WINDOWS\SysWow64\BD2140.DAT[2012-06-16 10:04:34 | 000,005,632 | ---- | C] () -- C:\Users\Charlotte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2011-12-07 18:38:31 | 000,000,008 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\DofusAppId0_1[2011-12-04 16:20:13 | 000,000,129 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\D2Info0[2011-12-04 16:20:13 | 000,000,008 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\DofusAppId0_2[2011-08-21 19:52:22 | 000,000,000 | ---- | C] () -- C:\Users\Charlotte\AppData\Roaming\chrtmp========== ZeroAccess Check ==========[2014-08-13 12:05:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2015-02-12 13:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2015-02-12 13:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]========== LOP Check ==========[2011-12-04 16:20:15 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\app[2014-10-26 22:19:36 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Audacity[2011-08-19 23:48:53 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Babylon[2015-03-22 18:24:16 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\dclogs[2015-03-22 18:23:02 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Dropbox[2014-05-14 19:33:35 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\InfraRecorder[2013-04-11 19:09:58 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\JRT Studio[2014-12-25 15:38:07 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Mael[2013-01-24 22:14:44 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\MakeMusic[2014-12-22 13:53:51 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Origin[2012-12-10 07:58:00 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PerformerSoft[2011-07-23 15:28:11 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PhotoFiltre[2014-11-29 16:13:13 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\PhotoFiltre 7[2013-06-03 22:18:59 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\QuickScan[2014-05-04 20:55:53 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\REAPER[2011-12-04 16:20:15 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1[2013-09-29 22:04:10 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\SimpleFiles[2011-12-04 19:56:04 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\SoftGrid Client[2014-01-14 00:31:42 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Unity[2011-07-13 19:40:12 | 000,000,000 | ---D | M] -- C:\Users\Charlotte\AppData\Roaming\Windows Live Writer[2011-07-07 19:33:07 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\SoftGrid Client[2011-07-07 19:30:38 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\TP========== Purity Check ==================== Alternate Data Streams ==========@Alternate Data Stream - 220 bytes -> C:\Users\Charlotte\OneDrive:ms-properties< End of report > -
I re-did a scan with malwarebytes, because in the last ones the problematic files were absent, so there you go:
Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 2015-03-22Scan Time: 17:58:14Logfile:Administrator: YesVersion: 2.01.4.1018Malware Database: v2015.03.22.06Rootkit Database: v2015.02.25.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 8.1CPU: x64File System: NTFSUser: CharlotteScan Type: Custom ScanResult: CancelledObjects Scanned: 411700Time Elapsed: 9 min, 37 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 1Malware.Trace, HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\DC3_FEXEC, Quarantined, [4a44a2a6a3e71c1ac0672f7734d0ce32],Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 1Stolen.Data, C:\Users\Charlotte\AppData\Roaming\dclogs, Quarantined, [c4ca0f396822290d447fb123b45033cd],Files: 2Stolen.Data, C:\Users\Charlotte\AppData\Roaming\dclogs\2015-03-22-1.dc, Quarantined, [c4ca0f396822290d447fb123b45033cd],Stolen.Data, C:\Users\Charlotte\AppData\Roaming\dclogs\desktop.ini, Quarantined, [c4ca0f396822290d447fb123b45033cd],Physical Sectors: 0(No malicious items detected)(end)This is the Addition.txt file in its whole, I didn't modify it:dditional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015Ran by Charlotte at 2015-03-22 17:24:43Running from C:\Users\Charlotte\DesktopBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)This is the virus total scan result:PE header basic informationCopyrightCopyright © 2014Product PatchOriginal name patch.exeInternal name patch.exeFile version 1.0.0.5Description patchPE sectionsTarget machine Intel 386 or later processors and compatible processorsCompilation timestamp 2015-02-08 20:12:52Entry Point 0x001CD45ENumber of sections 4PE imports Number of PE resources by typeName Virtual address Virtual size Raw size Entropy MD5.text 8192 1881188 1881600 7.33 8babe58287932e22084c9b73a05212a3.sdata 1892352 312 512 1.77 466b31c3a5dc7cb69b70ae0326ae3805.rsrc 1900544 103848 103936 4.36 fc3a80205c9c6bdf04e02e9bdd981b72.reloc 2007040 12 512 0.10 e8962f6482908ef00e263f29eb203992Number of PE resources by languageRT_ICON 5RT_MANIFEST 1RT_VERSION 1RT_GROUP_ICON 1ExifTool file metadataNEUTRAL 8SubsystemVersion4.0LinkerVersion11.0ImageVersion0.0FileSubtype0FileVersionNumber1.0.0.5UninitializedDataSize0LanguageCodeNeutralFileFlagsMask0x003fCharacterSetUnicodeInitializedDataSize104960FileOSWin32MIMETypeapplication/octet-streamLegalCopyrightCopyright 2014FileVersion1.0.0.5TimeStamp2015:02:08 21:12:52+01:00FileTypeWin32 EXEPETypePE32InternalNamepatch.exeProductVersion1.0.0.5FileDescriptionpatchOSVersion4.0OriginalFilenamepatch.exeSubsystemWindows GUIMachineTypeIntel 386 or later, and compatiblesCodeSize1881600ProductNamePatchProductVersionNumber1.0.0.5EntryPoint0x1cd45eObjectFileTypeExecutable applicationAssemblyVersion1.0.0.5 -
Here is the Malwarebytes scan log:Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 2015-03-22Scan Time: 15:43:15Logfile:Administrator: YesVersion: 2.01.4.1018Malware Database: v2015.03.22.06Rootkit Database: v2015.02.25.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 8.1CPU: x64File System: NTFSUser: CharlotteScan Type: Custom ScanResult: CancelledObjects Scanned: 228060Time Elapsed: 1 hr, 19 min, 53 secMemory: DisabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 1PUP.Optional.Babylon.A, HKU\S-1-5-21-575980163-2068655675-1454019340-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [f39b4efa068464d24b1d3beba55e23dd],Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 1PUP.Optional.OpenCandy, C:\Program Files (x86)\FrostWire 5\OCSetupHlp.dll, Quarantined, [622c58f0820852e4234d4ecb18ee7c84],Physical Sectors: 0(No malicious items detected)(end)And here is the Farbar scan log:Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015Ran by Charlotte (administrator) on CHARLOTTE-PC on 22-03-2015 17:31:03Running from C:\Users\Charlotte\DesktopLoaded Profiles: Charlotte (Available profiles: Charlotte & Jeff & DefaultAppPool)Platform: Windows 8.1 Pro (X64) OS Language: Français (France)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Microsoft Corporation) C:\Windows\System32\mqsvc.exe(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe(FUJITSU LIMITED) C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe(FUJITSU LIMITED) C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe(Dropbox, Inc.) C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\WWAHost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1886504 2009-11-19] (Synaptics Incorporated)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-09] (Realtek Semiconductor)HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)HKLM\...\Run: [FDM7] => C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe [164712 2009-11-25] (FUJITSU LIMITED)HKLM\...\Run: [FJUPDNV_Chitose] => C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe [157184 2010-01-12] (FUJITSU LIMITED)HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [21616 2010-07-09] (FUJITSU LIMITED)HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [45680 2010-06-08] (FUJITSU LIMITED)HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [162416 2010-07-16] (FUJITSU LIMITED)HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [200552 2011-01-12] (FUJITSU LIMITED)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-12-08] (cyberlink)HKLM-x32\...\Run: [EasyDownloads] => C:\Program Files (x86)\Easy downloads\easydownloads.exe [854040 2011-10-20] (http://izloader.com/)HKLM-x32\...\Run: [indicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED)HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [updatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-03-05] (CyberLink)HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [228448 2011-03-05] (CyberLink Corp.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-575980163-2068655675-1454019340-1000\...\Run: [Facebook Update] => C:\Users\Charlotte\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-11-21] (Facebook Inc.)HKU\S-1-5-21-575980163-2068655675-1454019340-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Charlotte\AppData\Local\Akamai\netsession_win.exe"HKU\S-1-5-21-575980163-2068655675-1454019340-1000\...\Run: [DrvUpdater] => C:\Users\Charlotte\AppData\Roaming\DRPSu\DrvUpdater.exeHKU\S-1-5-21-575980163-2068655675-1454019340-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [786432 2013-08-22] (Microsoft Corporation)Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat.lnkShortcutTarget: Acrobat.lnk -> C:\Users\Charlotte\AppData\Roaming\ACRV1.exe ()Startup: C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Charlotte\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-575980163-2068655675-1454019340-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://solutions.ca.fujitsu.comURLSearchHook: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No FileURLSearchHook: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 - (No Name) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - No FileSearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1SearchScopes: HKLM-x32 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =SearchScopes: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> {2B334F88-589D-40EF-B350-59F74987C670} URL = http://websearch.ask.com/redirect?client=ie&tb=CDS2&o=41648335&src=kw&q={searchTerms}&locale=&apn_ptnrs=9G&apn_dtid=YYYYYYYYCA&apn_uid=513453A9-4702-4088-AE67-C311856227DE&apn_sauid=609C4D62-D7E1-4C96-A32F-329F158C5245SearchScopes: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> {58427BD9-BA45-4253-A902-2B090BA7BF59} URL = http://www.search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110731,17127,0,18,0SearchScopes: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-06] (Oracle Corporation)BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)BHO-x32: CrowdStar Gamebar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No FileBHO-x32: 4Loot Toolbar BHO -> {D990D1E0-38E7-4E3C-943B-231D1D228497} -> C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll No FileBHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-06] (Oracle Corporation)Toolbar: HKLM-x32 - 4Loot Toolbar - {03A17412-05A4-4F78-91B9-9907C460DC2B} - C:\Program Files (x86)\4Loot Toolbar\Toolbar.dll No FileToolbar: HKLM-x32 - CrowdStar Gamebar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No FileToolbar: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> No Name - {03A17412-05A4-4F78-91B9-9907C460DC2B} - No FileToolbar: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileToolbar: HKU\S-1-5-21-575980163-2068655675-1454019340-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileDPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-04] ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-04] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2012-09-06] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-06] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-11-26] (Pando Networks)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-03-16] (VideoLAN)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll No FileFF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Charlotte\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Charlotte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2011-11-26] (Pando Networks)FF Plugin HKU\S-1-5-21-575980163-2068655675-1454019340-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No FileFF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-10-16]FF HKU\S-1-5-21-575980163-2068655675-1454019340-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpiStartMenuInternet: FIREFOX.EXE - firefox.exeChrome:=======CHR HomePage: Default -> https://www.google.ca/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8CHR StartupUrls: Default -> "https://www.facebook.com/","hxxp://www.youtube.com/?gl=FR&hl=fr", "hxxp://www.tumblr.com/"CHR Profile: C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (YTBiookMMArk) - C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfgjjmgfobfmaldmhdjobkjpnbcjbcmd [2014-01-05]CHR Extension: (AdBlock) - C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-10]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]CHR Extension: (Google Wallet) - C:\Users\Charlotte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR HKLM-x32\...\Chrome\Extension: [kolgnaidildmdbfgdnoapjdianbpajne] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx [Not Found]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-04] (CyberLink)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)R2 MSMQ; C:\Windows\system32\mqsvc.exe [25600 2014-04-18] (Microsoft Corporation)S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-14] (Electronic Arts)R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [63336 2010-06-17] (FUJITSU LIMITED)R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()R2 UpdateNaviInstallService; C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe [14336 2009-09-30] (FUJITSU LIMITED) [File not signed]S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-18] (Microsoft Corporation)R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-04-18] (Microsoft Corporation)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [274432 2010-10-19] (Intel Corporation) [File not signed]R3 FUJ02B1; C:\Windows\System32\drivers\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)R3 FUJ02E3; C:\Windows\System32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [59904 2010-11-04] (Intel Corporation) [File not signed]R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-22] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)R3 MQAC; C:\Windows\System32\drivers\mqac.sys [173568 2014-04-18] (Microsoft Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)U3 idsvc; No ImagePathS1 MpKsl145a53ff; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1BFDA7FD-ED32-46F4-80EF-06485EE7D967}\MpKsl145a53ff.sys [X]S3 SNP2UVC; \SystemRoot\system32\DRIVERS\snp2uvc.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-03-22 17:24 - 2015-03-22 17:24 - 00000760 _____ () C:\Users\Charlotte\Desktop\Addition.txt2015-03-22 17:22 - 2015-03-22 17:31 - 00023326 _____ () C:\Users\Charlotte\Desktop\FRST.txt2015-03-22 17:21 - 2015-03-22 17:31 - 00000000 ____D () C:\FRST2015-03-22 17:21 - 2015-03-22 17:21 - 02095616 _____ (Farbar) C:\Users\Charlotte\Downloads\FRST64.exe2015-03-22 17:21 - 2015-03-22 17:21 - 02095616 _____ (Farbar) C:\Users\Charlotte\Desktop\FRST64.exe2015-03-22 16:46 - 2015-03-22 16:46 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{4C0CC93A-BCA8-46B7-982B-B3D5774D81E0}2015-03-22 16:40 - 2015-03-22 16:40 - 02241760 _____ (www.PCFixKit.com ) C:\Users\Charlotte\Downloads\PCFixKit_Setup.exe2015-03-22 16:21 - 2015-03-22 16:47 - 00208518 _____ () C:\Users\Charlotte\Desktop\OTL.Txt2015-03-22 16:16 - 2015-03-22 16:16 - 00000000 ____D () C:\Spacekace2015-03-22 16:01 - 2015-03-22 16:01 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{36E5386F-7EDF-4DFC-9883-0417C2E9BEFD}2015-03-22 15:55 - 2015-03-22 16:29 - 00000512 _____ () C:\PhysicalMBR.bin2015-03-22 15:41 - 2015-03-22 15:41 - 00602112 _____ (OldTimer Tools) C:\Users\Charlotte\Downloads\OTL.exe2015-03-22 15:41 - 2015-03-22 15:41 - 00602112 _____ (OldTimer Tools) C:\Users\Charlotte\Desktop\OTL.exe2015-03-22 10:07 - 2015-03-22 17:05 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-03-22 10:03 - 2015-03-22 10:03 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-03-22 10:03 - 2015-03-22 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-03-22 10:02 - 2015-03-22 10:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-03-22 10:02 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2015-03-22 10:02 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2015-03-22 10:02 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2015-03-22 10:01 - 2015-03-22 10:02 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Charlotte\Downloads\mbam-setup-2.1.4.1018 (1).exe2015-03-22 10:01 - 2015-03-22 10:01 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Charlotte\Downloads\mbam-setup-2.1.4.1018.exe2015-03-22 09:59 - 2015-03-22 09:59 - 00001093 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk2015-03-22 09:59 - 2015-03-22 09:59 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\VS Revo Group2015-03-22 09:59 - 2015-03-22 09:59 - 00000000 ____D () C:\ProgramData\VS Revo Group2015-03-22 09:59 - 2015-03-22 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro2015-03-22 09:59 - 2015-03-22 09:59 - 00000000 ____D () C:\Program Files\VS Revo Group2015-03-22 09:59 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys2015-03-22 09:58 - 2015-03-22 09:59 - 10801480 _____ (VS Revo Group ) C:\Users\Charlotte\Downloads\RevoUninProSetup.exe2015-03-22 09:58 - 2015-03-22 09:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Charlotte\Downloads\revosetup.exe2015-03-22 09:53 - 2015-03-22 09:53 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{D4788AFF-F818-42A2-9A63-C2A2E9ABE8D0}2015-03-21 17:53 - 2015-03-21 17:53 - 00347816 _____ (Microsoft Corporation) C:\Users\Charlotte\Downloads\MicrosoftFixit.Devices.Run.exe2015-03-21 16:01 - 2015-03-21 16:01 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{E38614A0-2A63-433F-9B1A-791B0B0CD5AA}2015-03-21 12:01 - 2015-03-21 12:01 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{0C7AC0C5-938C-4297-8277-6579693C8A41}2015-03-20 11:40 - 2015-03-20 11:40 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{5EE42A7C-84EE-4797-9EFE-D1A8DAC6F16E}2015-03-16 23:17 - 2015-03-16 23:17 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{BCCEBE1B-627C-4550-8185-B2C70C1436C7}2015-03-16 08:50 - 2015-03-16 08:50 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{03DA7C2C-E4CF-4527-9043-2F52EB057F9C}2015-03-16 08:07 - 2015-03-16 08:07 - 01987585 _____ () C:\Users\Charlotte\AppData\Roaming\ACRV1.exe2015-03-15 23:29 - 2015-03-15 23:29 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{CA8F3491-928C-4C6F-A87A-63B29B70765C}2015-03-15 11:34 - 2015-03-15 11:34 - 00001250 _____ () C:\Users\Charlotte\AppData\Roaming\~windump.bat2015-03-15 11:10 - 2015-03-15 11:21 - 00000000 ____D () C:\Users\Charlotte\Downloads\The Sims 4 Outdoor-Retreat Incl. Update 8 MULTi22015-03-15 11:09 - 2015-03-15 11:09 - 00014343 _____ () C:\Users\Charlotte\Downloads\TheSims4Outdoor-RetreatIncl.Update8MULTi2 - ThePirateBay.TO.torrent2015-03-15 10:33 - 2015-03-15 10:33 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{A296C1F2-89BF-495D-9000-F4D0884D8B99}2015-03-14 17:12 - 2015-03-14 17:12 - 17598137 _____ () C:\Users\Charlotte\Downloads\1279314.zip2015-03-14 17:11 - 2015-03-14 17:11 - 00225535 _____ () C:\Users\Charlotte\Downloads\Flamingo@BrandonTR.zip2015-03-14 13:06 - 2015-03-14 13:06 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{5349B5F0-7A7F-4E58-9026-EA2B45BB8635}2015-03-12 23:39 - 2015-03-12 23:39 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{F89052E2-71C5-40DB-9F6D-495BFC010F6E}2015-03-12 07:36 - 2015-03-12 07:36 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{D1ADA497-8A28-4BF5-A6E2-BDBA7B4FE890}2015-03-11 19:13 - 2015-03-11 19:13 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{80BC805D-4411-4D40-8992-EF0A3269B71B}2015-03-11 08:39 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2015-03-11 08:39 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2015-03-11 08:39 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2015-03-11 08:39 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll2015-03-11 08:39 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll2015-03-11 08:39 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll2015-03-11 08:39 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll2015-03-11 08:39 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys2015-03-11 08:39 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys2015-03-11 08:39 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys2015-03-11 08:39 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll2015-03-11 08:39 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll2015-03-11 08:39 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll2015-03-11 08:39 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll2015-03-11 08:39 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll2015-03-11 08:39 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll2015-03-11 08:39 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll2015-03-11 08:39 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll2015-03-11 08:39 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe2015-03-11 08:39 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe2015-03-11 08:39 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll2015-03-11 08:39 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll2015-03-11 08:39 - 2014-10-28 22:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll2015-03-11 08:39 - 2014-10-28 22:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll2015-03-11 08:39 - 2014-10-28 22:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll2015-03-11 08:39 - 2014-10-28 22:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe2015-03-11 08:39 - 2014-10-28 22:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll2015-03-11 08:39 - 2014-10-28 22:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll2015-03-11 08:39 - 2014-10-28 22:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll2015-03-11 08:39 - 2014-10-28 22:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll2015-03-11 08:39 - 2014-10-28 22:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll2015-03-11 08:39 - 2014-10-28 21:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe2015-03-11 08:39 - 2014-10-28 21:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll2015-03-11 08:39 - 2014-10-28 21:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll2015-03-11 08:39 - 2014-10-28 21:48 - 00825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll2015-03-11 08:39 - 2014-10-28 21:45 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ppcsnap.dll2015-03-11 08:39 - 2014-10-28 21:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll2015-03-11 08:39 - 2014-10-28 21:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll2015-03-11 08:39 - 2014-10-28 21:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll2015-03-11 08:39 - 2014-10-28 21:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll2015-03-11 08:39 - 2014-10-28 20:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll2015-03-11 08:39 - 2014-10-28 20:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll2015-03-11 08:39 - 2014-10-28 20:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll2015-03-11 08:39 - 2014-10-28 20:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll2015-03-11 08:38 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2015-03-11 08:38 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2015-03-11 08:38 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2015-03-11 08:38 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2015-03-11 08:38 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2015-03-11 08:38 - 2015-02-06 19:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml2015-03-11 08:38 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll2015-03-11 08:38 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll2015-03-11 08:38 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys2015-03-11 08:38 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll2015-03-11 08:38 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll2015-03-11 08:38 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll2015-03-11 08:38 - 2015-01-29 23:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys2015-03-11 08:38 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll2015-03-11 08:38 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll2015-03-11 08:38 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll2015-03-11 08:38 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll2015-03-11 08:38 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll2015-03-11 08:38 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll2015-03-11 08:38 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll2015-03-11 08:38 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll2015-03-11 08:38 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll2015-03-11 08:38 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll2015-03-11 08:38 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll2015-03-11 08:38 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll2015-03-11 08:38 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll2015-03-11 08:38 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2015-03-11 08:38 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2015-03-11 08:38 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll2015-03-11 08:38 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2015-03-11 08:38 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2015-03-11 08:38 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll2015-03-11 08:38 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2015-03-11 08:38 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2015-03-11 08:38 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2015-03-11 08:38 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll2015-03-11 08:38 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll2015-03-11 08:38 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll2015-03-11 08:38 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll2015-03-11 08:38 - 2014-10-28 23:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys2015-03-11 08:38 - 2014-10-28 22:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll2015-03-11 08:38 - 2014-10-28 22:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe2015-03-11 08:38 - 2014-10-28 22:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe2015-03-11 08:38 - 2014-10-28 21:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll2015-03-11 08:38 - 2014-10-28 21:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll2015-03-11 08:38 - 2014-10-28 21:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll2015-03-11 08:38 - 2014-10-28 20:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll2015-03-11 08:38 - 2014-10-28 20:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll2015-03-11 08:37 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2015-03-11 08:37 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll2015-03-11 08:37 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2015-03-11 08:37 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2015-03-11 08:37 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2015-03-11 08:37 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2015-03-11 08:37 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll2015-03-11 08:37 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll2015-03-11 08:37 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2015-03-11 08:37 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2015-03-11 08:37 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll2015-03-11 08:37 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2015-03-11 08:37 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2015-03-11 08:37 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2015-03-11 08:37 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll2015-03-11 08:37 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll2015-03-11 08:37 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll2015-03-11 08:37 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2015-03-11 08:37 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2015-03-11 08:37 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2015-03-11 08:37 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2015-03-11 08:37 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll2015-03-11 08:37 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2015-03-11 08:37 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2015-03-11 08:37 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll2015-03-11 08:37 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2015-03-11 08:37 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2015-03-11 08:37 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2015-03-11 08:37 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2015-03-11 08:37 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2015-03-11 08:37 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2015-03-11 08:37 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2015-03-11 08:37 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2015-03-11 08:37 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2015-03-11 08:37 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll2015-03-11 08:37 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll2015-03-11 08:37 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll2015-03-11 08:37 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll2015-03-11 08:37 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll2015-03-11 08:37 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll2015-03-11 08:37 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe2015-03-11 08:37 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe2015-03-11 08:37 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll2015-03-11 08:37 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll2015-03-11 08:37 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe2015-03-11 08:31 - 2015-03-11 08:31 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{1E43BB38-4BC5-4B62-BB59-AF829C0CC198}2015-03-09 09:20 - 2015-03-09 09:20 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{213CEF8B-ABEC-4A02-AADD-C10ED62F37A6}2015-03-08 09:22 - 2015-03-08 09:22 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{645270A2-0EB3-4E4D-8527-1D92CF9923CE}2015-02-26 18:59 - 2015-02-26 18:59 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{1A8B6889-A6A1-4C4D-B366-FECA49B2F745}2015-02-25 08:52 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\SysWOW64\locale.nls2015-02-25 08:52 - 2014-12-13 17:28 - 00513488 _____ () C:\WINDOWS\system32\locale.nls2015-02-25 08:52 - 2014-10-28 21:27 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll2015-02-25 08:52 - 2014-10-28 21:27 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll2015-02-25 08:52 - 2014-10-28 21:04 - 00868352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll2015-02-25 08:52 - 2014-10-28 21:04 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll2015-02-23 23:21 - 2015-02-23 23:21 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{AF7950B7-7748-44B8-BB53-836BEE64C8DC}2015-02-22 14:01 - 2015-02-22 14:01 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{92191E1F-1CC4-47E7-890A-D2703C75EC31}2015-02-21 23:23 - 2015-02-21 23:23 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{4A625FE4-7B44-4325-AF0D-CD7882E201DF}2015-02-21 11:15 - 2015-02-21 11:15 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{8B09AD81-E709-4FB6-93F6-E7BE4AB4A5C8}2015-02-20 09:55 - 2015-02-20 09:55 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\{63792A84-F79D-4F04-8819-C86EE324A427}==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-03-22 17:24 - 2014-04-18 09:07 - 01931759 _____ () C:\WINDOWS\WindowsUpdate.log2015-03-22 17:16 - 2011-07-07 13:54 - 00001102 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-03-22 17:10 - 2012-12-23 14:17 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-575980163-2068655675-1454019340-10002015-03-22 17:06 - 2013-03-17 13:54 - 00000000 ___RD () C:\Users\Charlotte\Dropbox2015-03-22 17:06 - 2013-03-17 13:52 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Dropbox2015-03-22 17:05 - 2014-08-14 00:53 - 00000392 _____ () C:\WINDOWS\Tasks\DriverToolkit Autorun.job2015-03-22 17:05 - 2014-04-18 09:40 - 00000000 ___DO () C:\Users\Charlotte\OneDrive2015-03-22 17:05 - 2011-07-07 13:54 - 00001098 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-03-22 17:04 - 2014-06-09 16:33 - 00008135 _____ () C:\WINDOWS\setupact.log2015-03-22 17:04 - 2014-03-17 21:51 - 00310348 _____ () C:\WINDOWS\PFRO.log2015-03-22 17:04 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Globalization2015-03-22 17:04 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-03-22 17:03 - 2012-09-19 22:39 - 00000000 ____D () C:\Program Files (x86)\FrostWire 52015-03-22 17:02 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-03-22 16:59 - 2012-09-23 14:20 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-03-22 16:45 - 2012-08-11 02:18 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2015-03-22 16:14 - 2012-12-13 23:04 - 00000944 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-575980163-2068655675-1454019340-1000UA.job2015-03-22 15:50 - 2011-08-20 00:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2015-03-22 15:50 - 2011-08-14 16:39 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Mozilla2015-03-22 15:20 - 2014-05-04 15:10 - 00003968 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}2015-03-22 15:15 - 2015-01-17 15:20 - 00000000 ____D () C:\Users\Jeff\AppData\Local\ICSharpCode.net2015-03-22 15:15 - 2015-01-09 20:58 - 00000000 ____D () C:\Users\Charlotte\AppData\Local\ICSharpCode.net2015-03-22 15:15 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer2015-03-22 15:15 - 2013-08-22 09:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI2015-03-22 10:59 - 2012-06-20 21:51 - 00000000 ____D () C:\WINDOWS\en2015-03-22 09:29 - 2015-01-09 21:29 - 00000093 _____ () C:\Users\Charlotte\AppData\Roaming\WB.CFG2015-03-21 22:14 - 2012-12-13 23:04 - 00000922 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-575980163-2068655675-1454019340-1000Core.job2015-03-21 13:04 - 2011-07-07 15:52 - 00000000 ____D () C:\Users\Charlotte\Documents\Youcam2015-03-19 22:17 - 2013-06-03 22:42 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-03-19 17:00 - 2014-03-18 06:06 - 02107562 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2015-03-19 17:00 - 2014-03-18 05:26 - 00920524 _____ () C:\WINDOWS\system32\perfh00C.dat2015-03-19 17:00 - 2014-03-18 05:26 - 00202238 _____ () C:\WINDOWS\system32\perfc00C.dat2015-03-15 11:35 - 2011-07-07 20:41 - 00000000 ____D () C:\ProgramData\Origin2015-03-14 14:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-03-14 13:56 - 2014-12-06 10:51 - 00001362 _____ () C:\Users\Public\Desktop\Les Sims 4.lnk2015-03-14 13:56 - 2014-10-06 19:44 - 00000000 ____D () C:\ProgramData\Package Cache2015-03-14 13:51 - 2011-07-07 20:40 - 00000000 ____D () C:\Program Files (x86)\Origin2015-03-12 08:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache2015-03-12 07:12 - 2012-05-28 16:31 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\vlc2015-03-12 07:07 - 2013-08-22 10:44 - 00518008 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender2015-03-11 22:51 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2015-03-11 09:31 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-03-11 09:29 - 2011-12-04 20:01 - 00000000 ____D () C:\ProgramData\Microsoft Help2015-03-11 09:22 - 2013-08-08 18:50 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-03-11 09:14 - 2011-07-07 15:07 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-03-11 09:06 - 2009-07-13 22:34 - 00000478 _____ () C:\WINDOWS\win.ini2015-03-11 08:31 - 2013-03-17 13:54 - 00001083 _____ () C:\Users\Charlotte\Desktop\Dropbox.lnk2015-03-11 08:31 - 2013-03-17 13:53 - 00000000 ____D () C:\Users\Charlotte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-03-04 17:24 - 2015-01-07 16:42 - 00792032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-03-04 17:24 - 2015-01-07 16:42 - 00178144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-03-03 09:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2015-02-24 20:47 - 2014-01-29 22:47 - 00000000 ____D () C:\Users\Charlotte\Documents\Docs==================== Files in the root of some directories =======2015-03-16 08:07 - 2015-03-16 08:07 - 1987585 _____ () C:\Users\Charlotte\AppData\Roaming\ACRV1.exe2011-08-21 19:52 - 2011-08-21 19:52 - 0000000 _____ () C:\Users\Charlotte\AppData\Roaming\chrtmp2011-12-04 16:20 - 2013-03-31 21:49 - 0000129 _____ () C:\Users\Charlotte\AppData\Roaming\D2Info02011-12-07 18:38 - 2013-03-31 22:24 - 0000008 _____ () C:\Users\Charlotte\AppData\Roaming\DofusAppId0_12011-12-04 16:20 - 2013-03-03 22:11 - 0000008 _____ () C:\Users\Charlotte\AppData\Roaming\DofusAppId0_22015-01-09 21:29 - 2015-03-22 09:29 - 0000093 _____ () C:\Users\Charlotte\AppData\Roaming\WB.CFG2015-03-15 11:34 - 2015-03-15 11:34 - 0001250 _____ () C:\Users\Charlotte\AppData\Roaming\~windump.bat2013-06-03 22:28 - 2013-06-03 22:28 - 0134934 _____ () C:\Users\Charlotte\AppData\Local\ars.cache2012-06-16 10:04 - 2013-01-09 20:08 - 0005632 _____ () C:\Users\Charlotte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-06-03 22:11 - 2013-06-03 22:11 - 0000036 _____ () C:\Users\Charlotte\AppData\Local\housecall.guid.cache2011-07-07 13:57 - 2011-07-07 13:58 - 0032899 _____ () C:\Users\Charlotte\AppData\Local\IWDAudHelper.20110707.135742.txt2011-07-07 13:57 - 2011-07-07 13:57 - 0000661 _____ () C:\Users\Charlotte\AppData\Local\PDLSetup.20110707.135727.txt2011-07-07 13:57 - 2011-07-07 13:57 - 0001578 _____ () C:\Users\Charlotte\AppData\Local\PDLSetup.20110707.135730.txt2011-07-07 13:57 - 2011-07-07 13:57 - 0001227 _____ () C:\Users\Charlotte\AppData\Local\PDLSetup.20110707.135735.txt2013-06-03 22:46 - 2013-06-10 12:24 - 0007654 _____ () C:\Users\Charlotte\AppData\Local\Resmon.ResmonCfg2013-04-26 06:59 - 2013-04-26 06:59 - 0000001 _____ () C:\Users\Charlotte\AppData\Local\socialextraschrome.dat2013-06-03 22:29 - 2013-06-03 22:29 - 0180459 _____ () C:\ProgramData\1370312308.bdinstall.bin2013-06-03 22:39 - 2013-06-03 22:39 - 0022725 _____ () C:\ProgramData\1370313570.bdinstall.bin2013-06-03 22:40 - 2013-06-03 22:40 - 0076924 _____ () C:\ProgramData\1370313573.bdinstall.binSome content of TEMP:====================C:\Users\Charlotte\AppData\Local\Temp\CloudBackup8805.exeC:\Users\Charlotte\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsbyl06.dllC:\Users\Charlotte\AppData\Local\Temp\Uninstall.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-03-22 11:10==================== End Of Log ============================Here is the Additions scan log:Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015Ran by Charlotte at 2015-03-22 17:24:43Running from C:\Users\Charlotte\DesktopBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
-
Hello,
I've recently started to have bugs with my keyboard. When I want to type an accent (I'm French) or any special character with a letter, it doesn't work. I won't get too into the details of how it doesn't work, it's not relevant to my topic. Anyway, I scanned my computer multiple times today with malwarebytes and even if I delete all the "bad" files, they keep creating themselves when I restart the computer. I know this virus steals my personal information, and I obviously don't want that. It wouldn't be so bad if it didn't keep messing up my keyboard, too.
Can somebody help me?
DClogs keeps coming back, keyboard is messed up
in Resolved Malware Removal Logs
Posted
Thank you for your help,
My friend just came by to help me and everything seems to be working fine now, the DClogs folder is absent as well as all the other viruses.