Virus or Bug

[jacqventoux]

Hello

Excuse my poor English, I'm French and I use Google translation

For some days I struggle with blocked sites, for example: "www.google.fr" as well with Firefox, IE or Chrome on my PC while the other PCs on the network are working properly.
but some sites will be OK like "www.meteoblue.com"

Chrome says "'error : DNS_PROBE_FINISHED_NXDOMAIN"

I realized that MBAM 2.0.1.1004 (test Premium) was the cause of my discomfort. Indeed, MBAM off or 'malware protection webs' stopped, everything is correct.

config:
Windows 8 Pro with Media Center, 4GB RAM, 1TB HDD
Firefox 29
IE 10
Chrome 34
avast 2014.9
MBAM PREMIUM 2.0.1.1004 -1009 -1010

Regards

Jacques

 

FRST.txt

Addition.txt

[Maniac]

Hello Jacques! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as µTorrent, eMule, qBittorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are ready, please generate new fresh log files and post them here.

[jacqventoux]

Hello Borislav

 

I am very glad to be helping by you

Excuse my poor english

 

Log01

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014
Ran by jb (administrator) on NEW_JACQ on 11-05-2014 06:16:42
Running from K:\FRST
Platform: Windows 8 Pro with Media Center (X86) OS Language: French Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) L:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) L:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) L:\Windows\System32\nvvsvc.exe
(AVAST Software) L:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft Inc.) L:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
() L:\Program Files\BWMeter\BWMeterConSvc.exe
(CobianSoft, Luis Cobian) L:\Program Files\Cobian Backup 11\cbVSCService11.exe
() L:\Program Files\EATON\PersonalSolutionPac\RunSC.exe
(Microsoft Corporation) L:\Windows\System32\dasHost.exe
() L:\Program Files\EATON\PersonalSolutionPac\PCtl.exe
(Volkswagen AG) O:\ElsaWin\bin\LcSvrAdm.exe
(Volkswagen AG) O:\ElsaWin\bin\LcSvrDba.exe
(Volkswagen AG) O:\ElsaWin\bin\LcSvrHis.exe
(Volkswagen AG) O:\ElsaWin\bin\LcSvrPas.exe
(Volkswagen AG) O:\ElsaWin\bin\LcSvrSaz.exe
(Malwarebytes Corporation) L:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) L:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) L:\Windows\System32\mqsvc.exe
(Microsoft Corporation) L:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() L:\Program Files\EATON\PersonalSolutionPac\BIL.exe
(Microsoft Corporation) L:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() L:\Program Files\EATON\PersonalSolutionPac\CilUSB.exe
(IObit) L:\Program Files\IObit\Start Menu 8\StartMenuServices.exe
(Microsoft Corporation) L:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) L:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Volkswagen AG) O:\ElsaWin\bin\LcSvrAuf.exe
(AVAST Software) L:\Program Files\AVAST Software\Avast\AvastUI.exe
() L:\Program Files\EATON\PersonalSolutionPac\mgenetsystray.exe
(IObit) L:\Program Files\IObit\Start Menu 8\StartMenu8.exe
(DeskSoft) L:\Program Files\BWMeter\BWMeter.exe
() L:\Program Files\IObit\Start Menu 8\InstallServices32.exe
(IObit) L:\Program Files\IObit\Start Menu 8\StartMenu_Hook.exe
(Nero AG) L:\Program Files\Nero\Update\NASvc.exe
(Malwarebytes Corporation) L:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) L:\Windows\System32\sdclt.exe
(Malwarebytes Corporation) L:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) L:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Dimension4] => L:\Program Files\D4\D4.exe [200704 2004-02-04] (Thinking Man Software)
HKLM\...\Run: [AvastUI.exe] => L:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-07] (AVAST Software)
HKLM\...\Run: [pspNetSystray] => L:\Program Files\EATON\PersonalSolutionPac\mgenetsystray.exe [1253376 2008-09-24] ()
Winlogon\Notify\LBTWlgn: l:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1126985804-3469020229-1997384072-1001\...\Run: [DAEMON Tools Lite] => L:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1126985804-3469020229-1997384072-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1126985804-3469020229-1997384072-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1126985804-3469020229-1997384072-1001\...\MountPoints2: {06fa1e3d-d8f2-11e2-b2e2-6cf0492d6143} - "P:\AutoRun.exe"
HKU\S-1-5-21-1126985804-3469020229-1997384072-1001\...\MountPoints2: {23912c0d-c906-11e3-b712-6cf0492d6143} - "Q:\AUTORUN.CMD"
HKU\S-1-5-21-1126985804-3469020229-1997384072-1001\...\MountPoints2: {2647b3b1-fd58-11e1-a3ad-6cf0492d6143} - "N:\StartCD.exe"
HKU\S-1-5-21-1126985804-3469020229-1997384072-1001\...\MountPoints2: {c9511996-4ce8-11e3-b4d9-6cf0492d6143} - "X:\wubi.exe"
HKU\S-1-5-21-1126985804-3469020229-1997384072-1001\...\MountPoints2: {d4809a91-b0f4-11e3-b69e-6cf0492d6143} - "Q:\AUTORUN.CMD"
HKU\S-1-5-21-1126985804-3469020229-1997384072-1001\...\MountPoints2: {ef5cf344-d8b9-11e2-b2e2-6cf0492d6143} - "P:\AutoRun.exe"
AppInit_DLLs: L:\Program L:\Program => L:\Program L:\Program File Not Found
Startup: L:\Users\jb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BWMeter.lnk
ShortcutTarget: BWMeter.lnk -> L:\Program Files\BWMeter\BWMeter.exe (DeskSoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB083885FBC6CCD01
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=103&systemid=473&v=n9602-153&apn_uid=1554175858414576&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL =
BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - L:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - L:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - L:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - L:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - L:\Users\jb\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - L:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - L:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - o:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
ShellExecuteHooks:  - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -  No File [ ]
Winsock: Catalog5 04 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 91.121.161.184 188.165.197.144

FireFox:
========
FF ProfilePath: L:\Users\jb\AppData\Roaming\Mozilla\Firefox\Profiles\47cdzkb2.default-1391285319756
FF NewTab: https://www.google.fr/webhp
FF DefaultSearchEngine: Qwant.com
FF SelectedSearchEngine: Qwant.com
FF Plugin: @adobe.com/FlashPlayer - L:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - L:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - L:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf - L:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - L:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - L:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - L:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @Nero.com/KM - L:\Program Files\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - L:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 - L:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - L:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - L:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - L:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - L:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - L:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - L:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: L:\Program Files\mozilla firefox\plugins\npfd.dll (FreshDevices Corp.)
FF Plugin ProgramFiles/Appdata: L:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: L:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: L:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: L:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: L:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: L:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: L:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: L:\Users\jb\AppData\Roaming\Mozilla\Firefox\Profiles\47cdzkb2.default-1391285319756\searchplugins\qwantcom.xml
FF SearchPlugin: L:\Program Files\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: L:\Program Files\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: L:\Program Files\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: L:\Program Files\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: Adblock Plus - L:\Users\jb\AppData\Roaming\Mozilla\Firefox\Profiles\47cdzkb2.default-1391285319756\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - L:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - L:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-26]
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - L:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF Extension: Internet Video Downloader - L:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2012-08-21]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - L:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - L:\Program Files\PDF Architect\FFPDFArchitectExt [2013-05-01]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - L:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - L:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-09-23]

Chrome:
=======
CHR DefaultSearchKeyword: mysearch.sweetpacks.com
CHR DefaultSearchProvider: Sweetpacks
CHR DefaultSearchURL: http://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&i=48&crg=3.5000006.10059&did=10703&barid=27007973164055389246631657630522499395
CHR DefaultNewTabURL:
CHR Extension: (Documents Google) - L:\Users\jb\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Google Drive) - L:\Users\jb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (Kaboom) - L:\Users\jb\AppData\Local\Google\Chrome\User Data\Default\Extensions\beahobhgpojnjfdjglaehfhdanaioode [2014-03-28]
CHR Extension: (YouTube) - L:\Users\jb\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Recherche Google) - L:\Users\jb\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12]
CHR Extension: (avast! Online Security) - L:\Users\jb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-20]
CHR Extension: (Google Wallet) - L:\Users\jb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-12]
CHR Extension: (Gmail) - L:\Users\jb\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - L:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-07]

========================== Services (Whitelisted) =================

R2 ACDaemon; L:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; L:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-07] (AVAST Software)
S4 bgsvcgen; L:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 BWMeterConSvc; L:\Program Files\BWMeter\BWMeterConSvc.exe [62464 2014-05-10] ()
R2 cbVSCService11; L:\Program Files\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian)
R2 EATON Service module; L:\Program Files\EATON\PersonalSolutionPac\RunSC.exe [126976 2010-11-29] ()
S3 ICCS; L:\Program Files\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation)
S4 jswpsapi; L:\Program Files\NETGEAR\WN111v2\jswpsapi.exe [942080 2008-02-29] (Atheros Communications, Inc.)
R2 LcSvrAdm; o:\ElsaWin\bin\LcSvrAdm.exe [240640 2013-01-17] (Volkswagen AG)
R3 LcSvrAuf; o:\ElsaWin\bin\LcSvrAuf.exe [1321984 2013-01-17] (Volkswagen AG)
R2 LcSvrDba; o:\ElsaWin\bin\LcSvrDba.exe [392704 2013-01-17] (Volkswagen AG)
R2 LcSvrHis; o:\ElsaWin\bin\LcSvrHis.exe [335360 2013-01-17] (Volkswagen AG)
R2 LcSvrPAS; o:\ElsaWin\bin\LcSvrPas.exe [478208 2013-01-17] (Volkswagen AG)
R2 LcSvrSaz; o:\ElsaWin\bin\LcSvrSaz.exe [373248 2013-01-17] (Volkswagen AG)
S2 LiveUpdateSvc; L:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 MBAMScheduler; L:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-05] (Malwarebytes Corporation)
R2 MBAMService; L:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-05] (Malwarebytes Corporation)
R2 MSMQ; L:\Windows\system32\mqsvc.exe [24064 2012-07-26] (Microsoft Corporation)
S3 MySQL55; L:\ProgramData\MySQL\MySQL Server 5.5\my.ini [9514 2013-07-17] ()
R2 NAUpdate; L:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
S4 PDF Architect Helper Service; L:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S4 PDF Architect Service; L:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 StartMenuService; L:\Program Files\IObit\Start Menu 8\StartMenuServices.exe [72512 2013-12-02] (IObit)
S4 UleadBurningHelper; L:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2005-01-31] (Ulead Systems, Inc.)
S3 WinDefend; L:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-10-25] (Microsoft Corporation)
S2 FoxitCloudUpdateService; L:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; L:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-07] ()
R2 aswMonFlt; L:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-07] (AVAST Software)
R1 aswRdr; L:\Windows\system32\drivers\aswRdr2.sys [81768 2014-05-07] (AVAST Software)
R0 aswRvrt; L:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-07] ()
R1 aswSnx; L:\Windows\system32\drivers\aswSnx.sys [776976 2014-05-07] (AVAST Software)
R1 aswSP; L:\Windows\system32\drivers\aswSP.sys [411552 2014-05-07] (AVAST Software)
R2 aswStm; L:\Windows\system32\drivers\aswStm.sys [67776 2014-05-07] (AVAST Software)
R0 aswVmm; L:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-07] ()
R1 BasicRender; L:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-26] (Microsoft Corporation)
R1 cdrbsdrv; L:\Windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S3 DNIMp50; L:\Windows\System32\Drivers\DNIMp50.sys [21504 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 DNISp50; L:\Windows\System32\Drivers\DNISp50.sys [20480 2006-11-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 dot4; L:\Windows\system32\DRIVERS\Dot4.sys [137632 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; L:\Windows\System32\drivers\Dot4Prt.sys [22432 2012-10-19] (Windows ® Win 7 DDK provider)
R1 dsnpfd; L:\Windows\system32\DRIVERS\dsnpfd.sys [36384 2014-05-02] (DeskSoft)
R1 dtsoftbus01; L:\Windows\System32\drivers\dtsoftbus01.sys [243128 2014-04-21] (Disc Soft Ltd)
S3 etdrv; L:\Windows\etdrv.sys [17488 2014-03-25] (Windows ® 2000 DDK provider)
R0 EUBAKUP; L:\Windows\System32\drivers\eubakup.sys [50248 2012-10-20] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; L:\Windows\System32\drivers\EUBKMON.sys [41544 2012-10-20] ()
R1 EUDSKACS; L:\Windows\system32\drivers\eudskacs.sys [15944 2012-10-20] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; L:\Windows\system32\drivers\EuFdDisk.sys [185928 2012-10-20] (CHENGDU YIWO Tech Development Co., Ltd)
S3 FsUsbExDisk; L:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R1 GDKBFlt; L:\Windows\system32\drivers\GDKBFlt32.sys [20736 2014-04-16] (G Data Software AG)
S3 gdrv; L:\Windows\gdrv.sys [17488 2014-03-31] (Windows ® 2000 DDK provider)
R0 gfibto; L:\Windows\System32\drivers\gfibto.sys [13560 2013-04-03] (GFI Software)
R2 giveio; L:\Windows\system32\giveio.sys [5248 1996-04-03] ()
S3 GVTDrv; L:\Windows\system32\Drivers\GVTDrv.sys [24944 2014-03-31] ()
R2 Hardlock; L:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 LUsbFilt; L:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
S3 LVUSBSta; L:\Windows\system32\DRIVERS\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MBAMProtector; L:\Windows\system32\drivers\mbam.sys [23256 2014-05-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; L:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-11] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; L:\Windows\system32\drivers\mwac.sys [51928 2014-05-05] (Malwarebytes Corporation)
R3 MQAC; L:\Windows\System32\drivers\mqac.sys [141312 2012-07-26] (Microsoft Corporation)
R2 NSHE; L:\Windows\system32\Drivers\NSHE.SYS [97792 2012-12-12] (T0r0 2008)
S3 pwdrvio; L:\Windows\system32\pwdrvio.sys [15576 2012-08-20] ()
S3 pwdspio; L:\Windows\system32\pwdspio.sys [10200 2012-08-20] ()
R1 RrNetCapFilterDriver; L:\Windows\system32\DRIVERS\RrNetCapFilterDriver.sys [22184 2013-10-07] (Audials AG)
S4 RsFx0105; L:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R2 RtNdPt60; L:\Windows\system32\DRIVERS\RtNdPt60.sys [27648 2011-06-15] (Realtek                                            )
S3 RTTEAMPT; L:\Windows\system32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation)
S3 RTVLANPT; L:\Windows\system32\DRIVERS\RtVlan620.sys [27752 2011-09-16] (Realtek Corporation)
S3 SMIGrabber3C; L:\Windows\System32\Drivers\SmiUsbGrabber3C.sys [811936 2013-09-14] (Windows ® Win 7 DDK provider)
R2 speedfan; L:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 ssm_bus; L:\Windows\System32\drivers\ssm_bus.sys [58320 2005-08-30] (MCCI)
S3 ssm_mdfl; L:\Windows\system32\DRIVERS\ssm_mdfl.sys [15112 2007-05-02] (MCCI Corporation)
S3 ssm_mdm; L:\Windows\system32\DRIVERS\ssm_mdm.sys [109704 2007-05-02] (MCCI Corporation)
R1 StarOpen; L:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 tbhsd; L:\Windows\system32\drivers\tbhsd.sys [39048 2013-10-07] (RapidSolution Software AG)
S3 TEAM; L:\Windows\system32\DRIVERS\RtTeam60.sys [50280 2011-06-15] (Realtek Corporation)
S1 UimBus; L:\Windows\System32\drivers\UimBus.sys [91016 2013-12-26] ()
S1 Uim_DEVIM; L:\Windows\System32\drivers\uim_devim.sys [20616 2013-12-26] ()
S1 Uim_IM; L:\Windows\System32\Drivers\Uim_IM.sys [540168 2013-12-26] ()
S1 Uim_Vim; L:\Windows\System32\Drivers\Uim_Vim.sys [284192 2013-04-26] (Paragon)
S3 usbser32; L:\Windows\system32\DRIVERS\usbser.sys [27648 2013-08-21] (Microsoft Corporation)
R0 vidsflt53; L:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-11-15] (Acronis)
S3 WinDriver6; L:\Windows\system32\drivers\windrvr6.sys [203552 2013-08-18] (Jungo Connectivity)
S3 WN111v2; L:\Windows\system32\DRIVERS\WN111v2v.sys [453120 2009-01-13] (Atheros Communications, Inc.)
S3 WsAudio_Device; L:\Windows\system32\drivers\VirtualAudio.sys [27496 2013-03-25] (Wondershare)
S3 WsAudio_Device(1); L:\Windows\system32\drivers\VirtualAudio1.sys [27496 2013-01-25] (Wondershare)
S3 WsAudio_DeviceS(1); L:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(2); L:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(3); L:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(4); L:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [25704 2011-12-09] (Wondershare)
S3 WsAudio_DeviceS(5); L:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [25704 2011-12-09] (Wondershare)
S3 WUDFWpdMtp; L:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-26] (Microsoft Corporation)
S3 anvsnddrv; \SystemRoot\system32\drivers\anvsnddrv.sys [X]
S3 BioNTDrv; \??\L:\Program Files\Paragon Software\Hard Disk Manager 14 Suite\program\BioNTDrv.SYS [X]
U5 FontCache3.0.0.0; L:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [43616 2012-07-06] (Microsoft Corporation)
U3 idsvc;
S3 LVRS; \SystemRoot\system32\DRIVERS\lvrs.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad32v.sys [X]
S3 pepifilter; \SystemRoot\system32\DRIVERS\lv302af.sys [X]
S3 PID_PEPI; \SystemRoot\system32\DRIVERS\LV302V32.SYS [X]
S3 taphss; \SystemRoot\system32\DRIVERS\taphss.sys [X]
S3 taphss6; \SystemRoot\system32\DRIVERS\taphss6.sys [X]
U5 UnlockerDriver5; L:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
U5 usbser; L:\Windows\System32\Drivers\usbser.sys [27648 2013-08-21] (Microsoft Corporation)
S3 ZSMC301b; \SystemRoot\System32\Drivers\usbVM31b.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-11 05:12 - 2014-05-11 05:12 - 00000916 __RSH () L:\Users\jb\ntuser.pol
2014-05-10 06:32 - 2014-05-10 06:32 - 00000000 ____D () L:\Program Files\Mozilla Firefox
2014-05-09 06:14 - 2014-05-09 06:26 - 00043793 _____ () L:\Users\jb\Desktop\CheckResults.txt
2014-05-09 06:05 - 2014-05-11 06:16 - 00000000 ____D () L:\FRST
2014-05-08 06:03 - 2014-05-08 06:03 - 00001093 _____ () L:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-08 06:03 - 2014-05-05 13:23 - 00074456 _____ (Malwarebytes Corporation) L:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-08 06:03 - 2014-05-05 13:23 - 00051928 _____ (Malwarebytes Corporation) L:\Windows\system32\Drivers\mwac.sys
2014-05-08 06:03 - 2014-05-05 13:23 - 00023256 _____ (Malwarebytes Corporation) L:\Windows\system32\Drivers\mbam.sys
2014-05-07 05:16 - 2014-05-07 05:16 - 00043152 _____ (AVAST Software) L:\Windows\avastSS.scr
2014-05-07 05:16 - 2014-05-07 05:16 - 00024184 _____ () L:\Windows\system32\Drivers\aswHwid.sys
2014-05-07 05:16 - 2014-05-07 05:16 - 00002066 _____ () L:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-06 21:40 - 2014-05-06 21:40 - 00000770 _____ () L:\esscnx.txt
2014-05-06 14:52 - 2014-05-06 14:52 - 00000953 _____ () L:\prot2.txt
2014-05-06 09:13 - 2014-05-06 09:13 - 00001721 _____ () L:\prot.txt
2014-05-06 06:07 - 2014-05-08 06:03 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-06 06:07 - 2014-05-08 06:03 - 00000000 ____D () L:\Program Files\Malwarebytes Anti-Malware
2014-05-06 06:05 - 2014-05-11 06:12 - 00110296 _____ (Malwarebytes Corporation) L:\Windows\system32\Drivers\mbamswissarmy.sys
2014-05-06 04:48 - 2014-04-19 09:22 - 00509256 _____ (Microsoft Corporation) L:\Windows\system32\NotificationUI.exe
2014-05-06 04:48 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) L:\Windows\system32\WSShared.dll
2014-05-06 04:48 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) L:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-05 05:27 - 2014-05-05 05:27 - 00000000 ____D () L:\_OTL
2014-05-04 17:09 - 2014-05-04 17:09 - 00180684 _____ () L:\Users\jb\Desktop\OTL.Txt
2014-05-04 17:09 - 2014-05-04 17:09 - 00102678 _____ () L:\Users\jb\Desktop\Extras.Txt
2014-05-04 17:00 - 2014-05-04 17:48 - 00000664 _____ () L:\Users\jb\Desktop\MsgBloc.txt
2014-05-04 17:00 - 2014-05-04 16:48 - 00602112 _____ (OldTimer Tools) L:\Users\jb\Desktop\OTL.exe
2014-05-04 15:41 - 2014-05-05 05:12 - 00000000 ____D () L:\Program Files\Mozilla Thunderbird
2014-05-02 21:05 - 2014-04-29 14:47 - 14357504 _____ (Microsoft Corporation) L:\Windows\system32\mshtml.dll
2014-05-02 21:05 - 2014-04-29 14:25 - 02706432 _____ (Microsoft Corporation) L:\Windows\system32\mshtml.tlb
2014-05-02 08:17 - 2014-05-02 08:17 - 00000000 ____D () L:\ProgramData\DeskSoft
2014-05-02 08:15 - 2014-05-10 08:15 - 00001790 _____ () L:\Users\jb\Desktop\BWMeter.lnk
2014-05-02 08:15 - 2014-05-10 08:15 - 00000000 ____D () L:\Program Files\BWMeter
2014-05-02 08:15 - 2014-05-02 08:15 - 00036384 _____ (DeskSoft) L:\Windows\system32\Drivers\dsnpfd.sys
2014-05-02 08:15 - 2014-05-02 08:15 - 00000000 ____D () L:\Users\jb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BWMeter
2014-05-01 05:24 - 2014-05-07 15:51 - 00001206 _____ () L:\Windows\PFRO.log
2014-04-30 19:18 - 2014-05-11 06:13 - 01907911 _____ () L:\Windows\WindowsUpdate.log
2014-04-30 19:18 - 2014-05-11 05:12 - 01950676 _____ () L:\Windows\setupact.log
2014-04-30 19:18 - 2014-05-11 05:12 - 00005704 _____ () L:\Windows\DtcInstall.log
2014-04-30 19:18 - 2014-04-30 19:18 - 00000000 _____ () L:\Windows\setuperr.log
2014-04-30 19:12 - 2014-04-30 19:12 - 00001638 _____ () L:\AdwCleaner[R13].txt
2014-04-30 19:11 - 2014-04-30 19:11 - 00025436 _____ () L:\Users\jb\Documents\cc_20140430_191134.reg
2014-04-30 18:30 - 2014-04-30 18:30 - 00000855 _____ () L:\Windows\system32\Drivers\etc\hosts_bak
2014-04-30 17:08 - 2014-04-30 17:08 - 00000707 _____ () L:\Windows\system32\Drivers\etc\hosts_bak_508
2014-04-29 05:40 - 2014-04-23 01:47 - 00694232 _____ (Adobe Systems Incorporated) L:\Windows\system32\FlashPlayerApp.exe
2014-04-29 05:40 - 2014-04-23 01:47 - 00078296 _____ (Adobe Systems Incorporated) L:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-27 07:22 - 2014-04-27 07:22 - 00040252 _____ () L:\Users\jb\Documents\cc_20140427_072200.reg
2014-04-27 06:51 - 2014-04-27 06:51 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2014-04-22 15:37 - 2006-12-20 11:55 - 03066968 _____ (Aladdin Knowledge Systems.) L:\Windows\system32\hinstd.dll
2014-04-22 15:37 - 2006-12-20 10:00 - 02511360 _____ (Aladdin Knowledge Systems Ltd.) L:\Windows\system32\haspds_windows.dll
2014-04-22 15:37 - 2006-12-20 10:00 - 00671112 _____ (Aladdin Knowledge Systems Ltd.) L:\Windows\system32\hdinst_windows.dll
2014-04-22 15:37 - 2006-11-30 11:06 - 00069632 _____ (Aladdin Knowledge Systems) L:\Windows\system32\hasp_inst_help1.dll
2014-04-22 15:37 - 2005-09-06 17:06 - 00028672 _____ () L:\Windows\system32\hlduinst.exe
2014-04-22 15:37 - 2002-07-26 17:02 - 00153088 _____ () L:\Windows\system32\UNWISE.EXE
2014-04-22 15:27 - 2014-04-22 15:27 - 00000721 _____ () L:\Users\Public\Desktop\ETKA 7.4 PLUS 2013.lnk
2014-04-22 15:27 - 2014-04-22 15:27 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\ETKA
2014-04-22 13:44 - 2014-04-22 13:44 - 00592944 _____ () L:\Windows\system32\FNTCACHE.DAT
2014-04-22 07:22 - 2014-04-22 15:37 - 00003683 _____ () L:\Windows\system32\HLDRV.LOG
2014-04-22 07:22 - 2006-11-22 10:01 - 00693760 _____ (Aladdin Knowledge Systems Ltd.) L:\Windows\system32\Drivers\hardlock.sys
2014-04-22 06:21 - 2014-04-22 17:10 - 00000199 _____ () L:\Windows\ETKINST.INI
2014-04-22 06:21 - 2014-04-22 06:32 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\ETKA7
2014-04-22 06:21 - 2013-02-27 01:12 - 00515179 _____ () L:\Windows\etvwnzun.EXE
2014-04-21 07:15 - 2014-04-21 07:15 - 00243128 _____ (Disc Soft Ltd) L:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-21 07:15 - 2014-04-21 07:15 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-04-21 07:15 - 2014-04-21 07:15 - 00000000 ____D () L:\Program Files\DAEMON Tools Lite
2014-04-20 17:29 - 2014-04-20 17:33 - 00000000 ____D () L:\Users\jb\Documents\MyHeritage
2014-04-20 17:29 - 2012-08-02 08:56 - 00606208 _____ (Lorenzi Davide) L:\Windows\system32\HexUniRTFBox.ocx
2014-04-20 17:29 - 2010-06-17 19:49 - 02029056 _____ (Bytescout) L:\Windows\system32\PDFDocScout.DLL
2014-04-20 17:29 - 2003-07-06 14:07 - 00372736 _____ (Intel Corporation) L:\Windows\system32\ijl15.dll
2014-04-20 17:29 - 2002-03-07 01:19 - 00454656 _____ () L:\Windows\system32\PaintX.dll
2014-04-19 08:02 - 2014-04-19 08:02 - 00000962 _____ () L:\Users\jb\Desktop\Etka Updates.lnk
2014-04-16 08:26 - 2014-04-16 08:26 - 00000000 _____ () L:\Windows\topsecret.INI
2014-04-16 08:26 - 2014-04-16 08:26 - 00000000 _____ () L:\Windows\GDDevCtrl.INI
2014-04-16 06:50 - 2014-04-16 07:53 - 00020736 _____ (G Data Software AG) L:\Windows\system32\Drivers\GDKBFlt32.sys
2014-04-16 06:50 - 2014-04-16 06:50 - 00000000 ____H () L:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt32_01007.Wdf
2014-04-16 06:50 - 2014-04-16 06:50 - 00000000 ____H () L:\Windows\system32\Drivers\Msft_Kernel_gddcd32_01007.Wdf
2014-04-16 06:49 - 2014-04-16 14:11 - 00000000 ____D () L:\Program Files\G Data
2014-04-16 06:49 - 2014-04-16 14:11 - 00000000 ____D () L:\Program Files\Common Files\G Data
2014-04-16 06:49 - 2014-04-16 06:49 - 00000779 _____ () L:\Users\jb\AppData\Roaming\gdscan.log
2014-04-16 06:49 - 2014-04-16 06:49 - 00000000 _____ () L:\Users\jb\AppData\Roaming\gdfw.log
2014-04-16 06:47 - 2014-04-16 08:38 - 00000000 ____D () L:\ProgramData\G Data
2014-04-16 06:17 - 2014-04-16 06:19 - 00000000 ____D () L:\Users\jb\AppData\Roaming\GenJ3
2014-04-15 15:54 - 2014-04-15 15:54 - 00026760 _____ () L:\Users\jb\Documents\cc_20140415_155405.reg
2014-04-15 15:37 - 2014-04-15 15:37 - 02925259 _____ () L:\Users\jb\Downloads\WDCFree.zip
2014-04-15 15:34 - 2014-04-15 15:34 - 00929416 _____ (CNET Download.com) L:\Users\jb\Downloads\cbsidlm-cbsi188-Wise_Disk_Cleaner-BP-10613345.exe

==================== One Month Modified Files and Folders =======

2014-05-11 06:16 - 2014-05-09 06:05 - 00000000 ____D () L:\FRST
2014-05-11 06:13 - 2014-04-30 19:18 - 01907911 _____ () L:\Windows\WindowsUpdate.log
2014-05-11 06:12 - 2014-05-06 06:05 - 00110296 _____ (Malwarebytes Corporation) L:\Windows\system32\Drivers\mbamswissarmy.sys
2014-05-11 06:06 - 2013-01-27 07:06 - 00000000 ____D () L:\Users\jb\AppData\Roaming\Xilisoft
2014-05-11 06:03 - 2012-12-22 18:52 - 00000000 ____D () L:\Program Files\VSO
2014-05-11 06:03 - 2012-11-26 17:17 - 00087608 _____ () L:\Users\jb\AppData\Roaming\inst.exe
2014-05-11 06:03 - 2012-11-26 17:17 - 00047360 _____ (VSO Software) L:\Users\jb\AppData\Roaming\pcouffin.sys
2014-05-11 06:03 - 2012-11-26 17:17 - 00007887 _____ () L:\Users\jb\AppData\Roaming\pcouffin.cat
2014-05-11 06:03 - 2012-11-26 17:17 - 00000055 _____ () L:\Users\jb\AppData\Roaming\pcouffin.log
2014-05-11 06:03 - 2012-11-26 17:17 - 00000000 ____D () L:\Users\jb\AppData\Roaming\Vso
2014-05-11 06:02 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\system32\sru
2014-05-11 05:59 - 2014-01-19 08:26 - 00001002 _____ () L:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-11 05:55 - 2012-08-28 15:51 - 00000000 ____D () L:\Users\jb\AppData\Roaming\Shareaza
2014-05-11 05:49 - 2012-11-29 20:19 - 00000000 ____D () L:\Program Files\Paragon Software
2014-05-11 05:46 - 2012-10-11 08:06 - 00000000 ____D () L:\Program Files\OO Software
2014-05-11 05:44 - 2013-12-31 08:19 - 00000000 ____D () L:\Program Files\MAGIX
2014-05-11 05:44 - 2012-12-01 19:46 - 00000000 ____D () L:\Users\jb\AppData\Roaming\MAGIX
2014-05-11 05:44 - 2012-12-01 19:40 - 00000000 ____D () L:\ProgramData\MAGIX
2014-05-11 05:43 - 2013-12-31 08:19 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2014-05-11 05:43 - 2012-07-26 07:00 - 00000000 ___HD () L:\Program Files\InstallShield Installation Information
2014-05-11 05:38 - 2013-04-26 12:24 - 00000000 ____D () L:\Program Files\Simpli Software
2014-05-11 05:38 - 2012-11-28 22:52 - 00000000 ____D () L:\Program Files\Hamster Soft
2014-05-11 05:37 - 2013-01-18 06:37 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hamster Soft
2014-05-11 05:34 - 2012-08-01 19:09 - 00000000 ____D () L:\Program Files\EASEUS
2014-05-11 05:33 - 2013-01-31 06:32 - 00000000 ____D () L:\Users\jb\AppData\Roaming\IObit
2014-05-11 05:33 - 2012-10-31 07:46 - 00000000 ____D () L:\ProgramData\IObit
2014-05-11 05:33 - 2012-10-31 07:28 - 00000000 ____D () L:\Program Files\IObit
2014-05-11 05:30 - 2014-02-11 06:13 - 00001082 _____ () L:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 05:27 - 2013-11-17 17:58 - 00000000 ____D () L:\Program Files\Soft Gold
2014-05-11 05:27 - 2012-07-28 15:01 - 00000000 ____D () L:\Program Files\FinalWire
2014-05-11 05:26 - 2013-04-09 05:07 - 00000000 ____D () L:\Program Files\4Videosoft Studio
2014-05-11 05:12 - 2014-05-11 05:12 - 00000916 __RSH () L:\Users\jb\ntuser.pol
2014-05-11 05:12 - 2014-04-30 19:18 - 01950676 _____ () L:\Windows\setupact.log
2014-05-11 05:12 - 2014-04-30 19:18 - 00005704 _____ () L:\Windows\DtcInstall.log
2014-05-11 05:12 - 2014-02-11 06:13 - 00001078 _____ () L:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 05:12 - 2012-10-29 17:26 - 00000000 ____D () L:\Users\jb
2014-05-11 05:12 - 2012-07-26 08:04 - 00000006 ____H () L:\Windows\Tasks\SA.DAT
2014-05-10 08:15 - 2014-05-02 08:15 - 00001790 _____ () L:\Users\jb\Desktop\BWMeter.lnk
2014-05-10 08:15 - 2014-05-02 08:15 - 00000000 ____D () L:\Program Files\BWMeter
2014-05-10 07:17 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\Microsoft.NET
2014-05-10 06:32 - 2014-05-10 06:32 - 00000000 ____D () L:\Program Files\Mozilla Firefox
2014-05-09 06:26 - 2014-05-09 06:14 - 00043793 _____ () L:\Users\jb\Desktop\CheckResults.txt
2014-05-08 06:24 - 2013-10-06 08:04 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-08 06:03 - 2014-05-08 06:03 - 00001093 _____ () L:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-08 06:03 - 2014-05-06 06:07 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-08 06:03 - 2014-05-06 06:07 - 00000000 ____D () L:\Program Files\Malwarebytes Anti-Malware
2014-05-07 15:51 - 2014-05-01 05:24 - 00001206 _____ () L:\Windows\PFRO.log
2014-05-07 05:43 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\system32\NDF
2014-05-07 05:16 - 2014-05-07 05:16 - 00043152 _____ (AVAST Software) L:\Windows\avastSS.scr
2014-05-07 05:16 - 2014-05-07 05:16 - 00024184 _____ () L:\Windows\system32\Drivers\aswHwid.sys
2014-05-07 05:16 - 2014-05-07 05:16 - 00002066 _____ () L:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-05-07 05:16 - 2013-12-20 19:25 - 00067776 _____ (AVAST Software) L:\Windows\system32\Drivers\aswstm.sys
2014-05-07 05:16 - 2013-11-09 06:21 - 00411552 _____ (AVAST Software) L:\Windows\system32\Drivers\aswsp.sys
2014-05-07 05:16 - 2013-02-17 15:41 - 00180632 _____ () L:\Windows\system32\Drivers\aswVmm.sys
2014-05-07 05:16 - 2013-02-17 15:41 - 00049944 _____ () L:\Windows\system32\Drivers\aswRvrt.sys
2014-05-07 05:16 - 2012-11-02 18:09 - 00271264 _____ (AVAST Software) L:\Windows\system32\aswBoot.exe
2014-05-07 05:16 - 2012-07-26 07:40 - 00776976 _____ (AVAST Software) L:\Windows\system32\Drivers\aswSnx.sys
2014-05-07 05:16 - 2012-07-26 07:40 - 00081768 _____ (AVAST Software) L:\Windows\system32\Drivers\aswRdr2.sys
2014-05-07 05:16 - 2012-07-26 07:40 - 00067824 _____ (AVAST Software) L:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-06 21:40 - 2014-05-06 21:40 - 00000770 _____ () L:\esscnx.txt
2014-05-06 18:36 - 2012-07-26 06:17 - 00524288 ___SH () L:\Windows\system32\config\BBI
2014-05-06 18:17 - 2011-04-12 03:44 - 00000000 ____D () L:\Windows\RemotePackages
2014-05-06 14:52 - 2014-05-06 14:52 - 00000953 _____ () L:\prot2.txt
2014-05-06 09:13 - 2014-05-06 09:13 - 00001721 _____ () L:\prot.txt
2014-05-06 08:01 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\rescache
2014-05-06 07:44 - 2012-08-04 16:58 - 00000000 ____D () L:\Program Files\XnView
2014-05-06 07:09 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\WinStore
2014-05-06 06:29 - 2012-08-06 06:22 - 00000000 ____D () L:\Users\jb\AppData\Roaming\BITS
2014-05-06 06:07 - 2013-08-07 06:00 - 00000000 ____D () L:\Users\jb\AppData\Roaming\Malwarebytes
2014-05-06 06:07 - 2013-08-05 15:23 - 00000000 ____D () L:\ProgramData\Malwarebytes
2014-05-05 13:23 - 2014-05-08 06:03 - 00074456 _____ (Malwarebytes Corporation) L:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-05 13:23 - 2014-05-08 06:03 - 00051928 _____ (Malwarebytes Corporation) L:\Windows\system32\Drivers\mwac.sys
2014-05-05 13:23 - 2014-05-08 06:03 - 00023256 _____ (Malwarebytes Corporation) L:\Windows\system32\Drivers\mbam.sys
2014-05-05 05:27 - 2014-05-05 05:27 - 00000000 ____D () L:\_OTL
2014-05-05 05:12 - 2014-05-04 15:41 - 00000000 ____D () L:\Program Files\Mozilla Thunderbird
2014-05-04 17:48 - 2014-05-04 17:00 - 00000664 _____ () L:\Users\jb\Desktop\MsgBloc.txt
2014-05-04 17:09 - 2014-05-04 17:09 - 00180684 _____ () L:\Users\jb\Desktop\OTL.Txt
2014-05-04 17:09 - 2014-05-04 17:09 - 00102678 _____ () L:\Users\jb\Desktop\Extras.Txt
2014-05-04 16:52 - 2012-08-05 15:30 - 00000000 ____D () L:\ProgramData\CanonIJPLM
2014-05-04 16:48 - 2014-05-04 17:00 - 00602112 _____ (OldTimer Tools) L:\Users\jb\Desktop\OTL.exe
2014-05-02 08:17 - 2014-05-02 08:17 - 00000000 ____D () L:\ProgramData\DeskSoft
2014-05-02 08:15 - 2014-05-02 08:15 - 00036384 _____ (DeskSoft) L:\Windows\system32\Drivers\dsnpfd.sys
2014-05-02 08:15 - 2014-05-02 08:15 - 00000000 ____D () L:\Users\jb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BWMeter
2014-05-02 06:59 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\AUInstallAgent
2014-05-01 05:29 - 2012-09-29 06:46 - 00000000 ____D () L:\Users\jb\AppData\Local\CrashDumps
2014-04-30 19:18 - 2014-04-30 19:18 - 00000000 _____ () L:\Windows\setuperr.log
2014-04-30 19:17 - 2014-03-04 15:29 - 00000000 ____D () L:\AdwCleaner
2014-04-30 19:12 - 2014-04-30 19:12 - 00001638 _____ () L:\AdwCleaner[R13].txt
2014-04-30 19:11 - 2014-04-30 19:11 - 00025436 _____ () L:\Users\jb\Documents\cc_20140430_191134.reg
2014-04-30 18:35 - 2013-04-06 09:00 - 00181064 _____ (Sysinternals) L:\Windows\PSEXESVC.EXE
2014-04-30 18:30 - 2014-04-30 18:30 - 00000855 _____ () L:\Windows\system32\Drivers\etc\hosts_bak
2014-04-30 18:29 - 2012-10-29 17:25 - 02333440 _____ () L:\Windows\system32\PerfStringBackup.INI
2014-04-30 17:08 - 2014-04-30 17:08 - 00000707 _____ () L:\Windows\system32\Drivers\etc\hosts_bak_508
2014-04-30 08:47 - 2013-09-06 21:28 - 00000000 ____D () L:\Users\Administrateur
2014-04-30 08:47 - 2013-01-30 20:08 - 00000000 ____D () L:\Users\2
2014-04-30 08:47 - 2013-01-09 15:33 - 00000000 ____D () L:\Users\DefaultAppPool
2014-04-30 08:47 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\registration
2014-04-29 14:47 - 2014-05-02 21:05 - 14357504 _____ (Microsoft Corporation) L:\Windows\system32\mshtml.dll
2014-04-29 14:25 - 2014-05-02 21:05 - 02706432 _____ (Microsoft Corporation) L:\Windows\system32\mshtml.tlb
2014-04-27 21:17 - 2012-11-25 19:49 - 00000000 ____D () L:\Users\jb\AppData\Roaming\vlc
2014-04-27 13:52 - 2014-03-21 15:08 - 00000248 _____ () L:\Windows\Tasks\Driver Booster SkipUAC (jb).job
2014-04-27 07:30 - 2013-01-04 07:08 - 00000000 ____D () L:\Users\jb\AppData\Roaming\KC Softwares
2014-04-27 07:22 - 2014-04-27 07:22 - 00040252 _____ () L:\Users\jb\Documents\cc_20140427_072200.reg
2014-04-27 07:21 - 2012-11-21 19:52 - 00000000 ____D () L:\Users\jb\AppData\Roaming\AIMP3
2014-04-27 07:21 - 2012-09-13 06:25 - 00000000 ____D () L:\Users\jb\AppData\Roaming\DAEMON Tools Lite
2014-04-27 07:18 - 2012-07-28 13:58 - 00000000 ____D () L:\Users\jb\Documents\Bibliothèque calibre
2014-04-27 07:11 - 2012-07-28 13:58 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-04-27 07:11 - 2012-07-28 13:58 - 00000000 ____D () L:\Program Files\Calibre2
2014-04-27 06:56 - 2012-08-01 05:51 - 00000000 ____D () L:\Program Files\Common Files\Adobe AIR
2014-04-27 06:54 - 2012-11-27 09:00 - 00001296 _____ () L:\Users\jb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2014-04-27 06:54 - 2012-09-02 11:42 - 00000000 ____D () L:\Program Files\CCleaner
2014-04-27 06:52 - 2012-08-04 16:58 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
2014-04-27 06:51 - 2014-04-27 06:51 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
2014-04-27 06:51 - 2012-11-21 19:52 - 00000000 ____D () L:\Program Files\AIMP3
2014-04-24 09:25 - 2013-12-27 07:14 - 00000000 ____D () L:\Windows\Minidump
2014-04-23 19:04 - 2012-08-04 17:07 - 00000000 ____D () L:\Users\jb\AppData\Roaming\XnView
2014-04-23 01:47 - 2014-04-29 05:40 - 00694232 _____ (Adobe Systems Incorporated) L:\Windows\system32\FlashPlayerApp.exe
2014-04-23 01:47 - 2014-04-29 05:40 - 00078296 _____ (Adobe Systems Incorporated) L:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-22 17:10 - 2014-04-22 06:21 - 00000199 _____ () L:\Windows\ETKINST.INI
2014-04-22 15:37 - 2014-04-22 07:22 - 00003683 _____ () L:\Windows\system32\HLDRV.LOG
2014-04-22 15:27 - 2014-04-22 15:27 - 00000721 _____ () L:\Users\Public\Desktop\ETKA 7.4 PLUS 2013.lnk
2014-04-22 15:27 - 2014-04-22 15:27 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\ETKA
2014-04-22 15:27 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\System
2014-04-22 13:44 - 2014-04-22 13:44 - 00592944 _____ () L:\Windows\system32\FNTCACHE.DAT
2014-04-22 08:43 - 2012-11-17 07:13 - 00000000 ____D () L:\Users\jb\AppData\Roaming\Wise Disk Cleaner
2014-04-22 06:32 - 2014-04-22 06:21 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\ETKA7
2014-04-22 06:22 - 2009-07-14 04:04 - 00000513 _____ () L:\Windows\win.ini
2014-04-21 15:52 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\L2Schemas
2014-04-21 07:15 - 2014-04-21 07:15 - 00243128 _____ (Disc Soft Ltd) L:\Windows\system32\Drivers\dtsoftbus01.sys
2014-04-21 07:15 - 2014-04-21 07:15 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-04-21 07:15 - 2014-04-21 07:15 - 00000000 ____D () L:\Program Files\DAEMON Tools Lite
2014-04-21 07:11 - 2012-09-08 08:29 - 00000000 ____D () L:\Users\jb\AppData\Roaming\GlarySoft
2014-04-20 17:33 - 2014-04-20 17:29 - 00000000 ____D () L:\Users\jb\Documents\MyHeritage
2014-04-20 07:27 - 2013-01-10 07:40 - 00000000 ____D () L:\DownLoad
2014-04-19 09:22 - 2014-05-06 04:48 - 00509256 _____ (Microsoft Corporation) L:\Windows\system32\NotificationUI.exe
2014-04-19 08:57 - 2014-05-06 04:48 - 00566784 _____ (Microsoft Corporation) L:\Windows\system32\WSShared.dll
2014-04-19 08:57 - 2014-05-06 04:48 - 00124928 _____ (Microsoft Corporation) L:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-19 08:02 - 2014-04-19 08:02 - 00000962 _____ () L:\Users\jb\Desktop\Etka Updates.lnk
2014-04-16 14:14 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\system32\spool
2014-04-16 14:11 - 2014-04-16 06:49 - 00000000 ____D () L:\Program Files\G Data
2014-04-16 14:11 - 2014-04-16 06:49 - 00000000 ____D () L:\Program Files\Common Files\G Data
2014-04-16 08:42 - 2014-01-29 16:25 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-16 08:42 - 2012-08-08 08:14 - 00000000 ____D () L:\Program Files\Java
2014-04-16 08:38 - 2014-04-16 06:47 - 00000000 ____D () L:\ProgramData\G Data
2014-04-16 08:36 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\system32\winevt
2014-04-16 08:36 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\system32\WinBioPlugIns
2014-04-16 08:36 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\system32\MUI
2014-04-16 08:36 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\system32\LogFiles
2014-04-16 08:36 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\system32\IME
2014-04-16 08:36 - 2012-07-26 08:53 - 00000000 ____D () L:\Windows\system32\Com
2014-04-16 08:36 - 2012-07-26 06:43 - 00000000 ____D () L:\Windows\system32\SMI
2014-04-16 08:26 - 2014-04-16 08:26 - 00000000 _____ () L:\Windows\topsecret.INI
2014-04-16 08:26 - 2014-04-16 08:26 - 00000000 _____ () L:\Windows\GDDevCtrl.INI
2014-04-16 07:53 - 2014-04-16 06:50 - 00020736 _____ (G Data Software AG) L:\Windows\system32\Drivers\GDKBFlt32.sys
2014-04-16 06:50 - 2014-04-16 06:50 - 00000000 ____H () L:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt32_01007.Wdf
2014-04-16 06:50 - 2014-04-16 06:50 - 00000000 ____H () L:\Windows\system32\Drivers\Msft_Kernel_gddcd32_01007.Wdf
2014-04-16 06:49 - 2014-04-16 06:49 - 00000779 _____ () L:\Users\jb\AppData\Roaming\gdscan.log
2014-04-16 06:49 - 2014-04-16 06:49 - 00000000 _____ () L:\Users\jb\AppData\Roaming\gdfw.log
2014-04-16 06:19 - 2014-04-16 06:17 - 00000000 ____D () L:\Users\jb\AppData\Roaming\GenJ3
2014-04-15 17:33 - 2012-10-29 17:16 - 00000000 ____D () L:\Windows\system32\msmq
2014-04-15 15:54 - 2014-04-15 15:54 - 00026760 _____ () L:\Users\jb\Documents\cc_20140415_155405.reg
2014-04-15 15:52 - 2012-11-26 17:16 - 00000000 ____D () L:\ProgramData\VSO
2014-04-15 15:48 - 2014-03-06 15:58 - 00000000 ____D () L:\Users\jb\AppData\Roaming\WiseUpdate
2014-04-15 15:37 - 2014-04-15 15:37 - 02925259 _____ () L:\Users\jb\Downloads\WDCFree.zip
2014-04-15 15:35 - 2012-11-17 07:12 - 00000000 ____D () L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
2014-04-15 15:34 - 2014-04-15 15:34 - 00929416 _____ (CNET Download.com) L:\Users\jb\Downloads\cbsidlm-cbsi188-Wise_Disk_Cleaner-BP-10613345.exe
2014-04-12 06:49 - 2014-02-02 07:51 - 00000000 ____D () L:\Users\Public\Foxit Software

Some content of TEMP:
====================
L:\Users\jb\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
L:\Users\jb\AppData\Local\Temp\Foxit Updater.exe
L:\Users\jb\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

L:\Windows\explorer.exe => MD5 is legit
L:\Windows\system32\winlogon.exe => MD5 is legit
L:\Windows\system32\wininit.exe => MD5 is legit
L:\Windows\system32\svchost.exe => MD5 is legit
L:\Windows\system32\services.exe => MD5 is legit
L:\Windows\system32\User32.dll => MD5 is legit
L:\Windows\system32\userinit.exe => MD5 is legit
L:\Windows\system32\rpcss.dll => MD5 is legit
L:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-10 07:16

==================== End Of Log ============================

[Maniac]

• Launch Malwarebytes' Anti-Malware
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
• Go to Scanner tab and select Threat Scan, then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

[jacqventoux]

Hello

 

All OK

 

Log02

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/05/2014
Scan Time: 17:36:07
Logfile:
Administrator: Yes

Version: 2.00.2.1010
Malware Database: v2014.05.11.06
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x86
File System: NTFS
User: jb

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375484
Time Elapsed: 13 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[Maniac]

Step 1

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan button. Wait until is finished.
• Click on Clean.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

In your next reply, post the following log files:

• Junkware Removal Tool log
• AdwCleaner log

[jacqventoux]

Hello

 

03  JRT.txt

04  AdwCleaner[s5].txt

05  AdwCleaner[R5].txt

 

 

Cordially

 

Jacques

 

 

 

 

Log03

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Pro with Media Center x86
Ran by jb on 12/05/2014 at 18:27:34,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1126985804-3469020229-1997384072-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1126985804-3469020229-1997384072-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "L:\Users\jb\appdata\locallow\torntv 2"
Successfully deleted: [Folder] "L:\Users\jb\Local Settings\Application Data\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/05/2014 at 18:31:57,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Log04

 

# AdwCleaner v3.208 - Rapport créé le 12/05/2014 à 18:58:33
# Mis à jour le 11/05/2014 par Xplode
# Système d'exploitation : Windows 8 Pro with Media Center  (32 bits)
# Nom d'utilisateur : jb - NEW_JACQ
# Exécuté depuis : K:\DownLoad\AdwCleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Fichier Supprimé : L:\Users\jb\daemonprocess.txt

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v30.0 (fr)

[ Fichier : L:\Users\2\AppData\Roaming\Mozilla\Firefox\Profiles\jgfrfwi2.default\prefs.js ]


[ Fichier : L:\Users\jb\AppData\Roaming\Mozilla\Firefox\Profiles\47cdzkb2.default-1391285319756\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ Fichier : L:\Users\jb\AppData\Local\Google\Chrome\User Data\Default\preferences ]



*************************

AdwCleaner[R3].txt - [19837 octets] - [04/03/2014 16:21:13]
AdwCleaner[R4].txt - [1795 octets] - [30/04/2014 19:16:14]
AdwCleaner[R5].txt - [1707 octets] - [12/05/2014 18:57:31]
AdwCleaner[s3].txt - [19570 octets] - [04/03/2014 16:22:39]
AdwCleaner[s4].txt - [1894 octets] - [30/04/2014 19:17:19]
AdwCleaner[s5].txt - [1634 octets] - [12/05/2014 18:58:33]

########## EOF - L:\AdwCleaner\AdwCleaner[s5].txt - [1694 octets] ##########
 

 

Log 05

 

# AdwCleaner v3.208 - Rapport créé le 12/05/2014 à 18:56:43
# Mis à jour le 11/05/2014 par Xplode
# Système d'exploitation : Windows 8 Pro with Media Center  (32 bits)
# Nom d'utilisateur : jb - NEW_JACQ
# Exécuté depuis : K:\DownLoad\AdwCleaner.exe
# Option : Scanner

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Fichier Présent : L:\Users\jb\daemonprocess.txt

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Présente : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v30.0 (fr)

[ Fichier : L:\Users\2\AppData\Roaming\Mozilla\Firefox\Profiles\jgfrfwi2.default\prefs.js ]


[ Fichier : L:\Users\jb\AppData\Roaming\Mozilla\Firefox\Profiles\47cdzkb2.default-1391285319756\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ Fichier : L:\Users\jb\AppData\Local\Google\Chrome\User Data\Default\preferences ]



*************************

AdwCleaner[R3].txt - [19837 octets] - [04/03/2014 16:21:13]
AdwCleaner[R4].txt - [1795 octets] - [30/04/2014 19:16:14]
AdwCleaner[R5].txt - [1446 octets] - [12/05/2014 18:56:43]
AdwCleaner[s3].txt - [19570 octets] - [04/03/2014 16:22:39]
AdwCleaner[s4].txt - [1894 octets] - [30/04/2014 19:17:19]

########## EOF - L:\AdwCleaner\AdwCleaner[R5].txt - [1627 octets] ##########
 

[Maniac]

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.

  ESET OnlineScan

• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

    Save it to your Desktop.

  • Double click on the to download the ESET Smart Installer. icon on your Desktop.
• Check "YES, I accept the Terms of Use."
• Click the Start button.
• Accept any security warnings from your browser.
• Under Scan Settings, check "Scan Archives" and "Remove found threats"
• Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List Threats
• Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Click the Back button.
• Click the Finish button.

[jacqventoux]

Hello

 

Sorry : Some files "defended" in unused partitions that I will clean as soon as possible
C: for XP
N: Windows 7

Recall
Firefox, IE and Chrome
My problem is that MMFA 2.xxxx (including 2.0.2.1010) blocks some websites including "malwarebytes.org" when "Malicious Website Protection" is enabled, while others work very well.
When "Malicious Website Protection" is disabled, all sites are accessible


Regards

 

Jacques

 

 

Log06

 

L:\Users\jb\Documents\UseNeXT\alt.binaries.boneless\Philomena_2013_DVDRip_XviD-AQOS.zip    MSIL/TrojanDownloader.Agent.NI trojan    
L:\Users\jb\Downloads\cbsidlm-cbsi188-Wise_Disk_Cleaner-BP-10613345.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    
L:\Users\jb\Downloads\passwordfox.zip    Win32/PSWTool.PassFox.D potentially unsafe application    
N:\Program Files\File Type Assistant\ftacfg.exe    Win32/FileTypeAssistant.A potentially unwanted application    
N:\Program Files\File Type Assistant\TSASetup.exe    a variant of Win32/FileTypeAssistant.A potentially unwanted application    
N:\Program Files\File Type Assistant\tsassist.exe    a variant of Win32/FileTypeAssistant.A potentially unwanted application    
N:\Program Files\jZip\Helper.dll    a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application    
N:\Program Files\jZip\Uninstall.exe    probably a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application    
N:\ProgramData\InstallMate\{41DAF6EE-3A7B-459F-A774-72599A39D418}\Custom.dll    Win32/InstalleRex.M potentially unwanted application    
N:\ProgramData\InstallMate\{8E9AA143-18EA-4ACC-A827-50C8557983B5}\Custom.dll    Win32/InstalleRex.M potentially unwanted application    
N:\Users\All Users\InstallMate\{41DAF6EE-3A7B-459F-A774-72599A39D418}\Custom.dll    Win32/InstalleRex.M potentially unwanted application    
N:\Users\All Users\InstallMate\{8E9AA143-18EA-4ACC-A827-50C8557983B5}\Custom.dll    Win32/InstalleRex.M potentially unwanted application    
N:\Users\jb\AppData\Local\Temp\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    
N:\Users\jb\AppData\Local\Temp\DownloadManager.exe    a variant of Win32/OutBrowse.D potentially unwanted application    
N:\Users\jb\AppData\Local\Temp\FirefoxUpdateSetup.exe    a variant of Win32/InstallCore.JE.gen potentially unwanted application    
N:\Users\jb\AppData\Local\Temp\is1914646434\1475458_stp.EXE    a variant of Win32/FileTypeAssistant.A potentially unwanted application    
N:\Users\jb\Desktop\media-player-codec-pack-v4-2-5-setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    
N:\Users\jb\Downloads\ClickHeretoDownload-cmm70HM.exe    Win32/Somoto.A potentially unwanted application    
N:\Users\jb\Downloads\FinalTorrentSetup [1].exe    a variant of Win32/FileTypeAssistant.A potentially unwanted application    
N:\Users\jb\Downloads\FinalTorrentSetup.exe    a variant of Win32/Injected.F trojan    
N:\Users\jb\Downloads\jZipSetup-r286-n-bf.exe    probably a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application    
N:\Users\jb\Downloads\SoftonicDownloader_pour_media-player-codec-pack.exe    a variant of Win32/SoftonicDownloader.F potentially unwanted application    
N:\Users\jb\Downloads\The%20Secret%20Life%20of%20Walter%20Mitty%202014%20FRENCH%20DVDRip%20XviD-playHD.torrent(1).exe    Win32/InstalleRex.M potentially unwanted application    
N:\Users\jb\Downloads\The%20Secret%20Life%20of%20Walter%20Mitty%202014%20FRENCH%20DVDRip%20XviD-playHD.torrent.exe    Win32/InstalleRex.M potentially unwanted application    
N:\Users\jb\Downloads\trz7982.tmp    a variant of Win32/OutBrowse.D potentially unwanted application    
N:\Users\jb\Downloads\trzE762.tmp    a variant of Win32/OutBrowse.D potentially unwanted application    
N:\W7\FoxitReader531.0606_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    
P:\passwordfox.zip    Win32/PSWTool.PassFox.D potentially unsafe application    
P:\Maintenance\CCleaner_v4.10.4570.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
P:\Maintenance\disk-defrag-setup.exe    Win32/MyPCBackup.A potentially unwanted application    
P:\Maintenance\driver_booster_setup1.2.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    
P:\Maintenance\Recuva_v1.50.1036.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
P:\Maintenance\Originaux\CCleaner_v4.11.4619.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
P:\Maintenance\Originaux\disk-defrag-setup.exe    Win32/MyPCBackup.A potentially unwanted application    
P:\Maintenance\Originaux\driver_booster_setup1.2.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    
P:\Maintenance\Originaux\Driver_Booster_v1.3.0.172.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    
P:\Maintenance\Originaux\Recuva_v1.50.1036.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
P:\Maintenance\Originaux\Recuva_v1.51.1063.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
P:\passwordfox\passwordfox.exe    Win32/PSWTool.PassFox.D potentially unsafe application    
C:\Documents and Settings\Administrateur\Local Settings\Temp\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\O1RSJX6D\ApnIC[1].0    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Documents and Settings\jb\Local Settings\Application Data\BittorrentBar_FR\ldrtbBitt.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\Documents and Settings\jb\Local Settings\Application Data\BittorrentBar_FR\tbBitt.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\Documents and Settings\jb\Local Settings\Application Data\Conduit\CT2849852\BittorrentBar_FRAutoUpdateHelper.exe    Win32/Toolbar.Conduit.Q potentially unwanted application    deleted - quarantined
C:\Documents and Settings\jb\Local Settings\Temporary Internet Files\Content.IE5\9BY0XUCR\SpeedUpMyPC-standalone-setup[1].exe    Win32/SpeedUpMyPC potentially unwanted application    deleted - quarantined
C:\Documents and Settings\jb\Mes documents\GRMCPRFRER_FR_DVD.iso    Win32/HackTool.WinActivator.I potentially unsafe application    deleted - quarantined
C:\Program Files\Expat_Shield\Expat_ShieldToolbarHelper.exe    Win32/Toolbar.Conduit.Q potentially unwanted application    deleted - quarantined
C:\Program Files\Expat_Shield\ldrtbExpa.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\Program Files\Expat_Shield\prxtbExpa.dll    Win32/Toolbar.Conduit.O potentially unwanted application    deleted - quarantined
C:\Program Files\Expat_Shield\tbExpa.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\Tftpd32\tftpd32.exe    a variant of Win32/TFTPD32.A potentially unsafe application    deleted - quarantined
C:\WINDOWS\uninst.exe    a variant of Win32/PCCleaners potentially unwanted application    deleted - quarantined
I:\Installation\wiivideo9-504-setup.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
J:\Downloads\725191_video_deluxe_17_premium_273mo_f.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
J:\Downloads\BCEbwm61.rar    a variant of Win32/HackTool.Patcher.T potentially unsafe application    deleted - quarantined
J:\Downloads\ccsetup320.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
J:\Downloads\daemon-tools_daemon_tools_lite_4.41.3_francais_10729.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
J:\Downloads\iLividSetup-r757-n-bf.exe    Win32/Toolbar.SearchSuite potentially unwanted application    deleted - quarantined
J:\Downloads\ParetoLogic PC Health Advisor 3.1.2 Patch AoReTeam.rar    a variant of Win32/HackTool.Patcher.T potentially unsafe application    deleted - quarantined
J:\Downloads\PDFCreator-1_4_1_setup.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
J:\Downloads\registrybooster.exe    Win32/RegistryBooster potentially unwanted application    deleted - quarantined
J:\Downloads\Samsung-PC-Studio.exe    a variant of Win32/InstallCore.AF potentially unwanted application    deleted - quarantined
J:\Downloads\Setup_FreeVideoConverter.exe    Win32/Toolbar.Widgi potentially unwanted application    deleted - quarantined
J:\Downloads\slow-pcfighter_Web.exe    a variant of Win32/SlowPCfighter potentially unwanted application    deleted - quarantined
J:\Downloads\SoftonicDownloader_pour_fixwin.exe    Win32/SoftonicDownloader.E potentially unwanted application    deleted - quarantined
J:\Downloads\SoftonicDownloader_pour_jdownloader.exe    Win32/SoftonicDownloader.E potentially unwanted application    deleted - quarantined
J:\Downloads\switchsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
J:\Downloads\wiivideo9-504-setup.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
J:\Downloads\winamp561_full_emusic-7plus_all.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
J:\Downloads\winzip165-francais.exe    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined
J:\Downloads\WinZip165International.exe    a variant of Win32/OpenInstall potentially unwanted application    deleted - quarantined
J:\Downloads\Magix Video Deluxe 17 PREMIUM HD (2011) [App][French]\vdx17premium_download_version_fr-fr_10_0_0_33.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
J:\Downloads\SKODA\unlocker.exe    Win32/Adware.ADON potentially unwanted application    deleted - quarantined
K:\DownLoad\01net_CDBurnerXP_Pro.exe    Win32/Toolbar.Conduit.M potentially unwanted application    deleted - quarantined
K:\DownLoad\01net_Glary_Utilities.exe    Win32/Toolbar.Conduit.M potentially unwanted application    deleted - quarantined
K:\DownLoad\01net_Recuva.exe    Win32/Toolbar.Conduit.M potentially unwanted application    deleted - quarantined
K:\DownLoad\CCleaner_v4.13.4693.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
K:\DownLoad\ccsetup412.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
K:\DownLoad\cdbxp_setup_4.5.1.4003.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\daemon-tools-lite_daemon_tools_lite_4.46.1.0328_francais_10729.exe    Win32/DownWare.L potentially unwanted application    deleted - quarantined
K:\DownLoad\DAEMON_Tools_Lite_v4.49.1.exe    Win32/DownWare.L potentially unwanted application    deleted - quarantined
K:\DownLoad\dfsetup215.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
K:\DownLoad\disk-defrag-setup.exe    Win32/MyPCBackup.A potentially unwanted application    deleted - quarantined
K:\DownLoad\Driver Updater Pro v2.3.2.0 Patch by Under SEH T3am.zip    Win32/HackTool.Patcher.A potentially unsafe application    deleted - quarantined
K:\DownLoad\DriverUpdaterSetup-2.0.0.6004.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application    deleted - quarantined
K:\DownLoad\Driver_Booster_v1.3.0.172.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
K:\DownLoad\DTLite4481-0347.exe    Win32/DownWare.L potentially unwanted application    deleted - quarantined
K:\DownLoad\e.m_total_video_converter_3.70_downloader_133.exe    a variant of Win32/YourFileDownloader potentially unwanted application    deleted - quarantined
K:\DownLoad\epm.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\ffactory3_install.exe    a variant of Win32/InstallCore.BY potentially unwanted application    deleted - quarantined
K:\DownLoad\FFSetup3.2.1.0.exe    a variant of Win32/Hao123.A potentially unwanted application    deleted - quarantined
K:\DownLoad\FileViewPro_2013(1).exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
K:\DownLoad\FLVPlayerSetup.exe    a variant of Win32/InstallCore.BY potentially unwanted application    deleted - quarantined
K:\DownLoad\FotoSketcher_2.80_setup.exe    a variant of Win32/InstallCore.OF potentially unwanted application    deleted - quarantined
K:\DownLoad\FoxitReader614.0217_enu_Setup.exe    a variant of Win32/OpenCandy.A potentially unsafe application    deleted - quarantined
K:\DownLoad\FreeCodecPackSetup.exe    a variant of Win32/InstallBrain.BH potentially unwanted application    deleted - quarantined
K:\DownLoad\frostwire-5.6.3.windows.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\frostwire-5.6.8.windows.exe    a variant of Win32/OpenCandy.A potentially unsafe application    deleted - quarantined
K:\DownLoad\FrostWire_v5.6.9.exe    a variant of Win32/OpenCandy.A potentially unsafe application    deleted - quarantined
K:\DownLoad\gvsetup.exe    a variant of Win32/Toolbar.Conduit.J potentially unwanted application    deleted - quarantined
K:\DownLoad\hamsterfreeebookconverter.exe    a variant of Win32/OpenInstall potentially unwanted application    deleted - quarantined
K:\DownLoad\Hirens.BootCD.15.2.zip    Win32/PSWTool.KonBoot.A potentially unsafe application    deleted - quarantined
K:\DownLoad\Hotspot Shield Elite 2.65 Full version (automatically updateable).rar    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined
K:\DownLoad\HSS-3.13-install-download-80-conduit.exe    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined
K:\DownLoad\HSS-3.37-install-hss-656-searchprotect.exe    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined
K:\DownLoad\install_sld.exe    a variant of Win32/LogicielsEspions.C potentially unsafe application    deleted - quarantined
K:\DownLoad\IZArcInstall(1).exe    Win32/DownWare.L potentially unwanted application    deleted - quarantined
K:\DownLoad\KeyFinderInstaller.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\KMPlayer_3-7-0-109.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\look20312p_v32.zip    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application    deleted - quarantined
K:\DownLoad\mb_bios_ga-m720-us3_f7n.exe    a variant of Win32/Kryptik.VZ trojan    deleted - quarantined
K:\DownLoad\MediaInfo_GUI_0.7.64_Windows.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\MediaInfo_GUI_0.7.67_Windows.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\MediaInfo_v0.7.65.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\MediaInfo_v0.7.68.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\mkvtoavi.exe    Win32/InstallMonetizer.AF potentially unwanted application    deleted - quarantined
K:\DownLoad\MPSetup.exe    a variant of Win32/InstallCore.BY potentially unwanted application    deleted - quarantined
K:\DownLoad\o565x.Portable.SolvuSoft.FileViewPro.2013.v1.5.0.0.rar    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
K:\DownLoad\OpenSubtitlesPlayerD.exe    a variant of Win32/Toolbar.Babylon.A potentially unwanted application    deleted - quarantined
K:\DownLoad\passwordfox.zip    Win32/PSWTool.PassFox.D potentially unsafe application    deleted - quarantined
K:\DownLoad\PDFCreator-1_7_1_setup.exe    Win32/InstallMonetizer.AQ potentially unwanted application    deleted - quarantined
K:\DownLoad\PDFCreator_v1.7.2.exe    Win32/InstallMonetizer.AQ potentially unwanted application    deleted - quarantined
K:\DownLoad\pdfforge_Images2PDF-0_9_2-setup.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\photo_graphic_designer_2013(1).exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
K:\DownLoad\photo_graphic_designer_2013.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
K:\DownLoad\produkey.zip    a variant of Win32/PSWTool.ProductKey potentially unsafe application    deleted - quarantined
K:\DownLoad\Professor.Franklins.Instant.Photo.Effects.v2.0.Incl.Keygen-TSZ.ZIP    a variant of Win32/Keygen.FF potentially unsafe application    deleted - quarantined
K:\DownLoad\professorfranklin'sinstantphotoeffectsv2.0keygentsz.zip    a variant of Win32/Keygen.FF potentially unsafe application    deleted - quarantined
K:\DownLoad\ProfessorFranklin__sInstantPhotoEffects2.0.rar    a variant of Win32/Keygen.FF potentially unsafe application    deleted - quarantined
K:\DownLoad\rcsetup149.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
K:\DownLoad\Recuva_v1.50.1036.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
K:\DownLoad\Recuva_v1.51.1063.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
K:\DownLoad\registry-cleaner-setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
K:\DownLoad\routerpassview.zip    a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application    deleted - quarantined
K:\DownLoad\Serial_Number_Bcl_Easyconverter_Desktop_3_Word_Version_Downloader.exe    a variant of Win32/BundleInstaller.C potentially unwanted application    deleted - quarantined
K:\DownLoad\Serial_Number_Bcl_Easyconverter_Desktop_3_Word_Version_downloader_fr_99104.exe    a variant of Win32/ExpressFiles.B potentially unwanted application    deleted - quarantined
K:\DownLoad\SetupImgBurn_2.5.7.0(1).exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
K:\DownLoad\SetupImgBurn_2.5.8.0.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\setup_free_pdf_converter(1).exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\setup_funny_photo_maker.exe    a variant of Win32/InstallCore.BY potentially unwanted application    deleted - quarantined
K:\DownLoad\SoftonicDownloader_pour_camuniversal.exe    Win32/SoftonicDownloader.E potentially unwanted application    deleted - quarantined
K:\DownLoad\SoftonicDownloader_pour_foxit-pdf-editor.exe    Win32/SoftonicDownloader.E potentially unwanted application    deleted - quarantined
K:\DownLoad\SoftonicDownloader_pour_tweak-7.exe    a variant of Win32/SoftonicDownloader.F potentially unwanted application    deleted - quarantined
K:\DownLoad\Splayer.exe    Win32/OutBrowse.D potentially unwanted application    deleted - quarantined
K:\DownLoad\spsetup121.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
K:\DownLoad\sumo(3).exe    Win32/DownWare.W potentially unwanted application    deleted - quarantined
K:\DownLoad\SUPERsetup.exe    Win32/DownWare.W potentially unwanted application    deleted - quarantined
K:\DownLoad\sus.exe    Win32/DownWare.W potentially unwanted application    deleted - quarantined
K:\DownLoad\SweetHome3D-4.2-windows-oc.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\tb_free.exe    a variant of Win32/TFTPD32.A potentially unsafe application    deleted - quarantined
K:\DownLoad\Tftpd32-4.00-setup.exe    a variant of Win32/TFTPD32.A potentially unsafe application    deleted - quarantined
K:\DownLoad\tsasetup.exe    a variant of Win32/FileTypeAssistant.A potentially unwanted application    deleted - quarantined
K:\DownLoad\u.zip    Win32/UltraReach potentially unsafe application    deleted - quarantined
K:\DownLoad\ubcd511.iso    Win32/PSWTool.KonBoot.A potentially unsafe application    deleted - quarantined
K:\DownLoad\ubcd529.iso    Win32/PSWTool.KonBoot.A potentially unsafe application    deleted - quarantined
K:\DownLoad\Unlocker1.9.1.exe    a variant of Win32/Toolbar.Babylon.A potentially unwanted application    deleted - quarantined
K:\DownLoad\uTorrent-3.4.1-Beta.exe    a variant of Win32/InstallCore.JE.gen potentially unwanted application    deleted - quarantined
K:\DownLoad\win95_iso_downloader_fr_99333.exe    a variant of Win32/ExpressFiles.B potentially unwanted application    deleted - quarantined
K:\DownLoad\Windows_95_Full_Version.exe    Win32/Adware.1ClickDownload.AJ application    cleaned by deleting - quarantined
K:\DownLoad\Windows_95_FULL_version_Bootable_ISO.exe    Win32/Adware.1ClickDownload.AJ application    cleaned by deleting - quarantined
K:\DownLoad\Winrar-420.exe    a variant of Win32/InstallCore.AZ potentially unwanted application    deleted - quarantined
K:\DownLoad\WinZip170.exe    a variant of Win32/OpenInstall potentially unwanted application    deleted - quarantined
K:\DownLoad\WIN_XP_HOME_OEM.ISO    Win32/HackTool.WpaKill.B potentially unsafe application    deleted - quarantined
K:\DownLoad\wmvtoavi [1].exe    Win32/InstallMonetizer.AF potentially unwanted application    deleted - quarantined
K:\DownLoad\wmvtoavi.exe    Win32/InstallCore.HT potentially unwanted application    deleted - quarantined
K:\DownLoad\xilisoft-html-to-epub-converter-1.0.2.1214.exe_downloader_fr_99138.exe    a variant of Win32/ExpressFiles.B potentially unwanted application    deleted - quarantined
K:\DownLoad\Advanced SystemCare PRO 7.1.0.387 Final incl. Serial {AmanPC}\asc-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
K:\DownLoad\Hirens.BootCD.15.2\Hiren's.BootCD.15.2.FR.Keyboard.iso    Win32/PSWTool.KonBoot.A potentially unsafe application    deleted - quarantined
K:\DownLoad\Hirens.BootCD.15.2\Hiren's.BootCD.15.2.iso    Win32/PSWTool.KonBoot.A potentially unsafe application    deleted - quarantined
K:\DownLoad\Installation W8\Bureautique\Suites\Office 2010\Microsoft Office Proffesional Plus 2010 Corporate Final (full activated).iso    a variant of MSIL/HackKMS.A potentially unsafe application    deleted - quarantined
K:\DownLoad\Installation W8\Internet\Téléchargements et FTP\FTP Synchroniser Pro 5.2.97.803\crack\ftp.synchroniser.pro.5.2.97.803.crack-tsrh.exe    a variant of Win32/HackTool.Patcher.BD potentially unsafe application    deleted - quarantined
K:\DownLoad\Installation W8\Internet\Téléchargements et FTP\SmartFTP 4.1.1307 + Patch\SmartFTP 4.1.1307.tgz    a variant of Win32/HackTool.Crack.BR potentially unsafe application    deleted - quarantined
K:\DownLoad\Installation W8\Livres lus\Convertisseurs\4Media EPUB Creation Suite 1.0.4 (Build 0124){h33t}{imageking}\m-epub-creation-suite.exe    Win32/Toolbar.Zugo potentially unwanted application    deleted - quarantined
K:\DownLoad\Installation W8\Livres lus\Convertisseurs\4MediaEpubConverter1.0\m-epub-creation-suite.exe    Win32/Toolbar.Zugo potentially unwanted application    deleted - quarantined
K:\DownLoad\Installation W8\Videos\Convertisseurs\FreemakeVideoConverterSetup(1).exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
K:\DownLoad\Installation W8\Videos\Convertisseurs\hamsterfreevideoconverter.exe    a variant of Win32/OpenInstall potentially unwanted application    deleted - quarantined
K:\DownLoad\look20312p_v32\DriverUpdaterSetup-2.0.0.6004.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application    deleted - quarantined
K:\DownLoad\O&O Defrag Professional 17.0 + Keygen\OODefrag17ProfessionalEnu.exe    a variant of Win32/Amonetize.Q potentially unwanted application    deleted - quarantined
K:\DownLoad\O&O Defrag Professional Full v16.0 build 151(32bit+64) with Incl Key\OODefrag16ProfessionalEnu.exe    multiple threats    cleaned by deleting - quarantined
K:\DownLoad\Phone Unlocking for All Mobilephones - SPECIAL-\Phone Unlocking for All Mobilephones - SPECIAL-.rar    a variant of Win32/TrojanDropper.Surldoe.A trojan    deleted - quarantined
K:\DownLoad\Portable.FileViewPro\FileViewPro_2013_1.5.0.0_Install.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
K:\DownLoad\produkey\ProduKey.exe    a variant of Win32/PSWTool.ProductKey potentially unsafe application    deleted - quarantined
K:\DownLoad\routerpassview\RouterPassView.exe    a variant of Win32/PSWTool.RouterPassView.B potentially unsafe application    deleted - quarantined
K:\DownLoad\software\Advanced SystemCare Pro 7.0.6.364+Crack\asc-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
K:\DownLoad\TuneUp Utilities 2013 13.0.2020.9 + Patch\TuneUp Utilities 2013 13.0.2020.9 + Patch.tgz    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted - quarantined
K:\DownLoad\Windows XP Ultimate Edition (by Johnny) [February2009-R4.1]\Windows XP Ultimate Edition (by Johnny) [February2009-R4.1].iso    Win32/WFPDisabler.A potentially unsafe application    deleted - quarantined
K:\DownLoad\Winzip 17.0.10.283 pro francais complet\patch 32-64 bits.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted - quarantined
K:\DownLoad\Winzip 17.0.10.283 pro francais complet\patch 32-64 bits\winzip.pro.17.x.(x64)-patch.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted - quarantined
K:\DownLoad\Winzip 17.0.10.283 pro francais complet\patch 32-64 bits\winzip.pro.17.x.(x86)-patch.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted - quarantined
K:\DownLoad\[Torrentfrancais.com]-daemon-tools-pro-advanced-v5-3-0-0359-multilingual-cracked-brd\[Torrentfrancais.com]-daemon-tools-pro-advanced-v5-3-0-0359-multilingual-cracked-brd\Crack\Patch.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted - quarantined
K:\Maintenance\CCleaner_v4.10.4570.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
K:\Maintenance\disk-defrag-setup.exe    Win32/MyPCBackup.A potentially unwanted application    deleted - quarantined
K:\Maintenance\driver_booster_setup1.2.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
K:\Maintenance\Recuva_v1.50.1036.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
L:\Keygen for [arcsoft]\trzF68A.tmp    a variant of Win32/Kryptik.AMFH trojan    cleaned by deleting - quarantined
L:\Users\jb\Documents\APNSetup1.exe    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application    deleted - quarantined
 

[Maniac]

Due to our policy I suspend assistance here, because I see that you have a lot of problems caused by pirating.

https://forums.malwarebytes.org/index.php?showtopic=97700

This thread will be closed.

[jacqventoux]

good evening

I am awfully sorry
I thoroughly clean my current partition on Windows 8 official of all unwanted files.
I forgot to clean C: Official XP and N: Official W7, existing but unused partitions.
I understand your situation, but the problem still exists, I go back to version 1.75 and will remove the 2.0.xxx version for me is bugged.

Thank you again for your support

Jacques

 

PS: What can I do more?

[AdvancedSetup]

This topic will now be closed due to evidence of cracked or pirated software on this system.

Piracy Policy