Radd Posted October 2, 2014 ID:885757

Hi everyone,

A couple of days ago, my USB key got infected by a virus when I used it to print a document at a print shop. When I next connected it to my computer, the files on it appeared as shortcuts. Unfortunately, I tried clicking on one of the shortcuts to see if it opened the file (it did), which from what I understand launched the virus on my computer. When I asked a colleague to check the USB key, his antivirus noticed it was infected. After going online to see what had infected me, based on the warning from my colleague's antivirus, I came across this page, which seemed to correspond to what I was facing: http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=3933216

Looking inside the Startup folder, I indeed found a new .vbs file, called "Documentation.vbs". I deleted it, and I deleted the registry keys linked to this Documentation.vbs file, which appeared where the McAfee page said they would. I then updated my antivirus (McAfee), ran a full scan, and it found an infected file (still Documentation.vbs), identified the virus as "VBS/Autorun.worm.aapv" (so not .aapc like on the page I linked to, but it seems similar), and deleted it.

I have since run several scans with McAfee, avast antivirus, Malwarebytes and Spybot (free version), and have been unable to find anything else, but I'm afraid the virus might still be hiding somewhere. Could you help me make sure my computer is clean? I ran the Farbar Recovery Scan Tool.
Here is the FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-09-2014
Ran by ULB (administrator) on LORENZO-PC on 02-10-2014 18:10:49
Running from C:\Users\ULB\Downloads
Loaded Profile: ULB (Available profiles: UpdatusUser & ULB)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(CyberLink) C:\Config.Msi\3d5950.rbf
() C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe
(Sonix Technology Co., Ltd.) C:\Windows\vsnp2uvc.exe
() C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
(Windows ® Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
() C:\ExpressGateUtil\VAWinAgent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\sqlservr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
() C:\ExpressGateUtil\VAWinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [649608 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-08-11] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe [613536 2010-11-26] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe [379040 2010-11-26] (Atheros Commnucations)
HKLM\...\Run: [snp2uvc] => C:\Windows\vsnp2uvc.exe [909824 2010-01-21] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [dldfmon.exe] => C:\Program Files (x86)\Dell AIO Printer 948\dldfmon.exe [455336 2009-04-27] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files (x86)\Dell AIO Printer 948\memcard.exe [410280 2009-04-27] ()
HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [37888 2010-11-20] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [sonicMasterTray] => C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] ()
HKLM-x32\...\Run: [VAWinAgent] => C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-13] ()
HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124240 2009-08-31] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [136512 2008-11-10] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-29] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2294549312-3842073612-1322941934-1001\...\MountPoints2: {7f909399-3b19-11e1-83ba-742f689f338c} - "F:\WD SmartWare.exe" autoplay=true
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\ULB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\ULB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 - Capture d’écran et lancement.lnk
ShortcutTarget: OneNote 2010 - Capture d’écran et lancement.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\service\AsusWSShellExt64.dll (eCareme Technologies, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.comSearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUTSearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)BHO-x32: CIESpeechBHO Class -> 
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txtTcpip\..\Interfaces\{2746D67E-929E-4381-A3B6-4E89D6569629}: [NameServer] 164.15.59.200 FireFox:========FF ProfilePath: C:\Users\ULB\AppData\Roaming\Mozilla\Firefox\Profiles\de2dn2s6.defaultFF Homepage: hxxp://www.google.frFF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll 
(Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)FF user.js: detected! => C:\Users\ULB\AppData\Roaming\Mozilla\Firefox\Profiles\de2dn2s6.default\user.jsFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xmlFF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xmlFF Extension: British English Dictionary - C:\Users\ULB\AppData\Roaming\Mozilla\Firefox\Profiles\de2dn2s6.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2012-01-25]FF Extension: United States English Spellchecker - C:\Users\ULB\AppData\Roaming\Mozilla\Firefox\Profiles\de2dn2s6.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-04-10]FF Extension: Dictionnaires français - C:\Users\ULB\AppData\Roaming\Mozilla\Firefox\Profiles\de2dn2s6.default\Extensions\fr-dicollecte@dictionaries.addons.mozilla.org [2014-09-19]FF Extension: Zotero - C:\Users\ULB\AppData\Roaming\Mozilla\Firefox\Profiles\de2dn2s6.default\Extensions\zotero@chnm.gmu.edu.xpi [2013-04-05]FF Extension: Adblock Plus - C:\Users\ULB\AppData\Roaming\Mozilla\Firefox\Profiles\de2dn2s6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-01-03]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 
10.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-02-13]FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-29] Chrome: =======CHR HomePage: Default -> hxxp://www.google.comCHR RestoreOnStartup: Default -> "hxxp://www.google.com"CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll ()CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - 
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (QUAKE LIVE) - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No FileCHR Profile: C:\Users\ULB\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Documents Google) - C:\Users\ULB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-24]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-29] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [151552 2010-05-25] (Atheros) [File not signed]R2 AtherosSvc; C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe [52896 2010-11-26] (Atheros Commnucations) [File not signed]R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-29] (AVAST Software)S2 dldfCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldfserv.exe [33416 2007-06-26] ()S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [19720 2009-08-31] (McAfee, Inc.)R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [103744 2008-11-10] (McAfee, Inc.)R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [178920 2009-08-31] (McAfee, Inc.)R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [66896 2009-08-31] (McAfee, Inc.)R2 mfevtp; C:\Windows\system32\mfevtps.exe [79504 2009-08-31] (McAfee, Inc.)R2 MSSQL$QSRNVIVO10; C:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)S4 SQLAgent$QSRNVIVO10; C:\Program Files\Microsoft SQL Server\MSSQL10_50.QSRNVIVO10\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)R2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-21] () [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the 
fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-29] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-29] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-29] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-29] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-29] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-29] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-29] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-29] ()R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [49664 2010-11-20] (Fresco Logic)R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [97576 2009-08-31] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [119968 2009-08-31] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [469144 2009-08-31] (McAfee, Inc.)S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [77104 2009-08-31] (McAfee, Inc.)R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [83784 2009-08-31] (McAfee, Inc.)S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1800832 2010-09-07] (Sonix Technology Co., Ltd.)R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] () ========================== Drivers MD5 ======================= 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legitC:\Windows\System32\drivers\ACPI.sys ==> MD5 is legitC:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legitC:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228C:\Windows\system32\drivers\agp440.sys ==> MD5 is legitC:\Windows\system32\drivers\aliide.sys ==> MD5 is legitC:\Windows\system32\drivers\amdide.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legitC:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legitC:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048C:\Windows\System32\drivers\AmUStor.SYS 9C7F164B49CADC658D1B3C575782F346C:\Windows\system32\drivers\appid.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legitC:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legitC:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 4C016FD76ED5C05E84CA8CAB77993961C:\Windows\system32\drivers\aswHwid.sys D95E64416A4A3ED6986E0F474DA934BDC:\Windows\system32\drivers\aswMonFlt.sys FF1E537A3632CBB9A0BF72B9FD0878D5C:\Windows\system32\drivers\aswRdr2.sys A5757DE5F9C83AB40667A53D5126EA40C:\Windows\System32\Drivers\aswRvrt.sys 645D97385F3F284FB5604F9B970F4D24C:\Windows\system32\drivers\aswSnx.sys B8FDEDE963B82CFD23B3A53A3084666DC:\Windows\system32\drivers\aswSP.sys 0DEDC041DF594AEC2C3BD00417CFAF60C:\Windows\system32\drivers\aswStm.sys 48DED912CDE54FC0923B9858512366E1C:\Windows\System32\Drivers\aswVmm.sys 471A311745848B80339436688A8286E6C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legitC:\Windows\System32\drivers\atapi.sys ==> MD5 is legitC:\Windows\System32\DRIVERS\btath_flt.sys CBE61B4494165F458BD87E37181EE934C:\Windows\System32\DRIVERS\athrx.sys 
p‚riph‚rique-----------------------identificateur {4bd6ad4b-7c0c-11de-baef-deb9d273c9fa}description Ramdisk Optionsramdisksdidevice unknownramdisksdipath \Recovery\4bd6ad4a-7c0c-11de-baef-deb9d273c9fa\boot.sdi Options de p‚riph‚rique-----------------------identificateur {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}description Ramdisk Device Optionsramdisksdidevice unknownramdisksdipath \boot.sdi LastRegBack: 2014-09-30 04:29 ==================== End Of Log ============================ I attached the Addition.txt to this post since it otherwise made the post too long for the forum. Many thanks for your help.Addition.txt Link to post Share on other sites More sharing options...
Radd Posted October 5, 2014 Author ID:886714
Hi, I know we're not supposed to bump our own threads, but since it's been three days and I'm seeing many more recent threads get answered by mods, I'm afraid that mine might have been forgotten... :-) Thanks in advance for any help.
kevinf80 Posted October 5, 2014 ID:886782
Hello,
P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Next, to adhere to forum protocol make sure illegal or cracked software is removed from your system....
Next, there are two security systems running, Avast and McAfee. Uninstall one of those, also uninstall SpyBot S & D.
Next, run another scan with FRST; if it asks to update when opened, allow that to open... Ensure all boxes are checkmarked (ticked) under "Whitelist" and only "Addition.txt" under Optional scan... Post the two new logs in your next reply..
Thanks, Kevin....
Radd Posted October 6, 2014 Author ID:886955
Hi Kevin, Thanks for your help! I did the uninstalls you asked. Here are the new FRST.txt and Addition.txt.
kevinf80 Posted October 6, 2014 ID:886968
No obvious malware or infection in those logs... Run the following:
Download TFC to your desktop, from either of the following links: http://oldtimer.geekstogo.com/TFC.exe or http://itxassociates.com/OT-Tools/TFC.exe
Save any open work. TFC will close all open application windows.
Double-click TFC.exe to run the program. Vista or Windows 7 users accept the UAC alert.
If prompted, click "Yes" to reboot. TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds.
TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important
Next, we still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, please be patient and let it complete:
Run Eset Online Scanner
**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8: right click on the IE shortcut and run as admin. (To run ESET Online Scanner in a browser other than Internet Explorer, you'll need to download ESET SMART Installer during the process.)
Go to the Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click on the Run ESET Online Scanner button.
Tick the box next to YES, I accept the Terms of Use. Click Start.
When asked, allow the add-on to be installed. Click Start.
Make sure that the option "Remove found threats" is ticked.
Click on Advanced Settings, ensure the following options are checked: Scan for potentially unsafe applications; Enable Anti-Stealth Technology.
Select "Change" next to Current scan targets. A new window will open; select any extra drives, Flash drives etc. as required.
Click Scan, wait for the virus definitions to be downloaded, then wait for the scan to finish.
When the scan is complete:
If no threats were found, put a checkmark in "Uninstall application on close", close the program and report to me that nothing was found.
If threats were found, click on "list of threats found", click on "export to text file" and save it as ESET SCAN to the desktop. Click on Back, put a checkmark in "Uninstall application on close", click on Finish and close the program. Copy and paste the report in your next reply.
Also let me know if there are any remaining issues or concerns...
Kevin..
Radd Posted October 7, 2014 Author ID:887447
Thanks again for your help, Kevin. The ESET scan found two threats, namely the two .exe files to install Bittorrent and CCleaner (perhaps old versions, I'm not sure). Here is the ESET SCAN.txt. Is there anything else I need to do (with regards to these two files or others)? Or can I now be sure that there is no remaining virus/malware on my computer?
kevinf80 Posted October 7, 2014 ID:887475
ESET log entries can be deleted. The ESET scan is very thorough; as nothing malicious was found it is safe to say your system is clean.... Run these final two scans; if they are also clean we can remove tools etc..
Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link.
When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected. In most cases, a restart will be required. Wait for the prompt to restart the computer to appear, then click on Yes.
Once completed please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.
Next, download Microsoft's "Malicious Software Removal Tool" and save it direct to the desktop. Ensure to get the correct version for your system....
32 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en
Right click on the Tool, select "Run as Administrator"; the tool will expand to the options Window.
In the "Scan Type" window, select Full Scan.
Perform a scan and click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:
1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command into the "Run Line" and press Enter: notepad c:\windows\debug\mrt.log
Thanks, Kevin
Radd Posted October 8, 2014 Author ID:887799
Thanks again, Kevin! Here are the two logs produced by Malwarebytes Anti-Malware and by Microsoft's Malicious Software Removal Tool. Since neither found infections, can I be confident that the worm is gone? Sorry for being so careful, but I want to be 100% sure since I am writing my thesis on this computer and even though I frequently do backups I would hate to lose my files and/or see my e-mail account passwords get stolen. Thank you so much for your help.
kevinf80 Posted October 8, 2014 ID:887859
Yes, I'd say your system is clean; run the following to clear tools etc...
Download "Delfix by Xplode" and save it to your desktop. Or use the following if the first link is down: "Delfix link mirror"
Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.
Make sure the following items are checked:
Activate UAC
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings
Now click on "Run" and wait patiently until the tool has completed.
The tool will create a log when it has completed. We don't need you to post this.
Part of the routine will be to create a registry back up with ERUNT; the back up will be created here: C:\Windows\ERUNT
When all is known to be well with your system you can delete that back up folder if you consider it as not needed... Any remnant files/logs from tools we have used can be deleted...
Next, read the following link to fully understand PC security and best practices, you may find it useful.... http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629
Let me know if we can close out...
Thanks, Kevin....
Radd Posted October 9, 2014 Author ID:888041
I ran Delfix as administrator and checked the five boxes as instructed, but a few seconds after clicking "run" I get the following error message and it stops:
"AutoIt Error Line 49 (File "C:\Users\ULB\Desktop\delfix_10.8.exe"): Error: The requested action with this object has failed."
What should I do? Thanks, Radd
kevinf80 Posted October 9, 2014 ID:888100
Delete the version of Delfix you have, download one again as follows...
Download "Delfix by Xplode" and save it to your desktop. Or use the following if the first link is down: "Delfix link mirror"
Double click to start the program. If you are using Vista or higher, please right-click and choose run as administrator.
Make sure the following items are checked:
Activate UAC
Remove disinfection tools
Create registry backup
Purge System Restore
Reset system settings
Now click on "Run" and wait patiently until the tool has completed.
The tool will create a log when it has completed. We don't need you to post this.
Part of the routine will be to create a registry back up with ERUNT; the back up will be created here: C:\Windows\ERUNT
When all is known to be well with your system you can delete that back up folder if you consider it as not needed... Any remnant files/logs from tools we have used can be deleted...
Radd Posted October 10, 2014 Author ID:888336
I followed those same steps the first time (including running the program as administrator), but I tried redownloading and redoing everything and I get the same error when I run Delfix:
"AutoIt Error Line 49 (File "C:\Users\ULB\Desktop\delfix_10.8.exe"): Error: The requested action with this object has failed."
I tried downloading the version in the second link instead, but I end up getting the same error message (except with delfix_10.0.exe instead of 10.8). I tried rebooting but it did not help.
kevinf80 Posted October 10, 2014 ID:888395
Delete Delfix for now and continue:
We need to remove FRST; first it is very important to deal with its own Quarantine folder by using FRST itself.. OK, we continue:
Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action; delete if successful.
Next, delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST
Next, download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
Double click the icon to start the program.
If you are using Vista or Windows 7 accept UAC.
Then click the big button.
You will get a prompt saying "Begining Cleanup Process". Please select Yes.
Restart your computer when prompted.
This will remove tools we have used and itself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Any tools/logs remaining on the Desktop or downloads folder can be deleted.
Next, read the following link to fully understand PC security and best practices, you may find it useful.... http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629
Let me know if those steps complete OK, also if no remaining issues or concerns are we OK to close...
Kevin...
Radd Posted October 10, 2014 Author ID:888422
Thanks for your continued help, Kevin. I ran FRST with your fixlist and here is the report it produced - apparently the folder "could not be moved":
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-10-2014 01
Ran by ULB at 2014-10-10 18:27:58 Run:1
Running from C:\Users\ULB\Desktop
Loaded Profile: ULB (Available profiles: UpdatusUser & ULB)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
C:\FRST\Quarantine
EmptyTemp:
End
*****************
"C:\FRST\Quarantine" directory move:
Could not move "C:\FRST\Quarantine" directory. => Scheduled to move on reboot.
EmptyTemp: => Removed 232.4 MB temporary data.
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-10 18:30:29)<=
"C:\FRST\Quarantine" => Directory could not move.
==== End of Fixlog ====
I then ran OTC as indicated, however, and I now no longer see a C:\FRST\ folder. Typing the access path indicates it is no longer there. Should I do anything else or can I consider the procedure to be over?
kevinf80 Posted October 10, 2014 ID:888433
Could not move "C:\FRST\Quarantine" directory. => Scheduled to move on reboot.
FRST indicated a re-boot was needed to complete the action; it makes no matter as OTC is also a general tools cleaner and probably did the job itself. The latest scans we ran did indicate a clean system; if you consider there are no remaining issues or concerns we can call this done...
Thank you, Kevin...
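The "Scheduled to move on reboot" result discussed above, and the earlier question of whether the worm is really gone, can both be checked from an elevated PowerShell prompt. This is an added example, not code from the thread or from FRST/OTC; it assumes the thread's C:\FRST path and the standard Windows Startup folders and Run keys, and it looks for script-based autostarts because a .vbs in a Startup folder or a Run value that launches wscript/cscript is the persistence VBS autorun worms typically use.

```powershell
# Added example (not from the thread): verify the FRST cleanup state and look for
# leftover script autostarts. Run in an elevated PowerShell prompt on Windows 7 or later.
# 'C:\FRST' is the folder the thread's fixlist tried to move; every other path and
# registry key below is a standard Windows location.

function Test-CleanupState {
    $findings = @()

    # 1. The quarantine folder should be gone after the reboot (or after OTC ran).
    if (Test-Path -LiteralPath 'C:\FRST') {
        $findings += 'C:\FRST still exists'
    }

    # 2. "Scheduled to move on reboot" means the move was queued in the
    #    PendingFileRenameOperations value; an entry still naming FRST has not run yet.
    $smKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $pending = (Get-ItemProperty -Path $smKey -ErrorAction SilentlyContinue).PendingFileRenameOperations
    foreach ($entry in @($pending)) {
        if ($entry -match 'FRST') { $findings += "Pending move still queued: $entry" }
    }

    # 3. Script files or shortcuts in the per-user and all-users Startup folders.
    $scriptExt = @('.vbs', '.vbe', '.js', '.jse', '.wsf', '.lnk')
    $startupDirs = @([Environment]::GetFolderPath('Startup'),
                     [Environment]::GetFolderPath('CommonStartup'))
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($f in Get-ChildItem -LiteralPath $dir -Force) {
            if (-not $f.PSIsContainer -and $scriptExt -contains $f.Extension.ToLower()) {
                $findings += "Startup item: $($f.FullName)"
            }
        }
    }

    # 4. Run/RunOnce values that launch a script host or a .vbs/.vbe file directly.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run')
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -match '^PS') { continue }   # skip PSPath, PSParentPath, etc.
            if ("$($p.Value)" -match '(?i)wscript|cscript|\.vbs|\.vbe') {
                $findings += "Run entry: $key\$($p.Name) = $($p.Value)"
            }
        }
    }
    return $findings
}

# On a clean system every check is empty; anything listed deserves a closer look.
$result = @(Test-CleanupState)
if ($result.Count -eq 0) {
    Write-Output 'No leftover FRST folder, no queued moves, no script autostarts found.'
} else {
    $result | ForEach-Object { Write-Output $_ }
}
```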
Radd Posted October 10, 2014 Author ID:888434
Yes, I indeed rebooted after running FRST and the folder was still there, but I guess like you said OTC did the job. I suppose we can close this now, thank you so much for your help once again. I will recommend Malwarebytes (the program as well as the forums) to my friends. Cheers!
kevinf80 Posted October 10, 2014 ID:888436
Thanks for the update, it was a pleasure to work with you... Take care and surf safe, Kevin...
AdvancedSetup (Root Admin) Posted October 17, 2014 ID:891229
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!