100% Disk Usage (Request Log Analysis)


Hi,

Disk usage is stuck at 100% on both my computers.

Here are my running processes, in case you can find anything that could have caused this; I struck out. Ran mwb and a few other tools, had no success.

 


Hi Arcueides, :)

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode, which will cut you off from the internet, and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.

  • Step #1 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.

  • Step #2 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.

      Download link for 32 bit system

      Download link for 64 bit system

    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.

  • Required Log(s):
    • Malwarebytes' Anti-malware Log
    • Farbar Tool Log(s)--
      • FRST.txt
      • Addition.txt
Regards,

Valinorum


Hi Valinorum, thanks for your assistance.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2014
=> C:\Users\vorsc_000\AppData\Roaming\Mozilla\Firefox\Profiles\d9acdn6x.default\user.jsFF Extension: HTTPS-Everywhere - C:\Users\vorsc_000\AppData\Roaming\Mozilla\Firefox\Profiles\d9acdn6x.default\Extensions\https-everywhere@eff.org [2014-10-20]FF Extension: Adblock Plus - C:\Users\vorsc_000\AppData\Roaming\Mozilla\Firefox\Profiles\d9acdn6x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-20]FF HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\vorsc_000\AppData\Roaming\Dashlane\3.2.0.75825\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}FF Extension: Dashlane - C:\Users\vorsc_000\AppData\Roaming\Dashlane\3.2.0.75825\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2014-12-18]FF Extension: No Name - C:\Users\vorsc_000\AppData\Roaming\Dashlane\3.2.0.74679\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [Not Found]FF StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\Mozilla Firefox\firefox.exeChrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> ""CHR Profile: C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Easy Auto Refresh) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2013-07-31]CHR Extension: (reddit companion) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2013-07-31]CHR Extension: (Google Docs) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-31]CHR Extension: (Google Drive) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-31]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn 
[2014-12-22]CHR Extension: (YouTube) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-31]CHR Extension: (Google Search) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-31]CHR Extension: (Gmail Offline) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-11-28]CHR Extension: (Dashlane) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-02-17]CHR Extension: (HTTPS Everywhere) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-11-30]CHR Extension: (AdBlock) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-31]CHR Extension: (FlashBlock) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl [2014-06-04]CHR Extension: (Boxcryptor) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmndaodmdjamfepoijpolhjddgfgmme [2014-11-28]CHR Extension: (Dashlane) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmpplnklgealmmnncbdpehifojcfomaf [2013-07-31]CHR Extension: (Reddit Enhancement Suite) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-11-26]CHR Extension: (Google Wallet) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]CHR Extension: (Personal Blocklist (by Google)) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2013-07-31]CHR Extension: (PasswordFail Extension) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ockgeenjbijlgilppfieaklfopnbdpge [2014-06-04]CHR Extension: (YouTube High Definition) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pddcafiidgkphndbohafakhgjnbjimej [2014-10-20]CHR Extension: (Gmail) - C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-31]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 !SASCORE; E:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)S4 IAStorDataMgrSvc; E:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)R2 ITbrain Agent; C:\Program Files (x86)\ITbrain Agent\itbrain_agent.exe [5567488 2013-08-22] (TeamViewer) [File not signed]S4 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]S4 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2650960 2013-08-22] (CybelSoft)R2 MbaeSvc; E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)S2 MBAMScheduler; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)S2 MBAMService; E:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)S3 Microsoft SharePoint Workspace Audit Service; E:\Program Files\Microsoft Office\Office14\GROOVE.EXE [50942144 2013-12-19] (Microsoft Corporation)S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)R2 TeamViewer; C:\Program 
Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)R2 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [652504 2014-10-12] (Károly Pados)R2 TuneUp.UtilitiesSvc; E:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-31] (TuneUp Software)S3 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-09] (Company) [File not signed]R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-10-28] (Disc Soft Ltd)R1 ESProtectionDriver; E:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)R3 MTsensor; C:\Windows\system32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()R3 NETJME; C:\Windows\system32\DRIVERS\NETJME.sys [137728 2012-07-06] (JMicron Technology Corp.)S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)R1 SASDIFSV; E:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; E:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 
2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 TuneUpUtilitiesDrv; E:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
S1 vflt; C:\Windows\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\Windows\system32\DRIVERS\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed]
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation)

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry.
Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
Some content of TEMP:
====================
C:\Users\vorsc_000\AppData\Local\Temp\dwl35ED.tmp.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => 
File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
==================== BCD ================================
LastRegBack: 2014-12-19 05:01
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-12-2014
Ran by Camille at 2014-12-23 21:47:32
Running from F:\Mes Documents\Browser Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.0.0 - )
µTorrent (HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\uTorrent) (Version: 3.4.2.31515 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Reader XI (11.0.09) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{79E9FC36-6AC7-73DA-B9D4-B4389F135833}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3 - Angry IP Scanner) <==== ATTENTION!
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Boxcryptor 2.0 (HKLM-x32\...\{0511514A-A672-4F79-8151-D70CA84BF044}) (Version: 2.0.437.408 - Secomba GmbH)
Chanalyzer (HKLM-x32\...\{E60FF809-903F-4561-9794-641EE8306503}) (Version: 5.5.0.59 - MetaGeek, LLC)
ClamWin Free Antivirus 0.98.5 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dashlane (HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\Dashlane) (Version: 3.2.0.75825 - Dashlane SAS)
Demonbuddy (HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\{21058957-e558-44be-a264-ca553515f382}) (Version: 1.0.1898.362 - Bossland GmbH)
Demonbuddy (x32 Version: 1.0.1898.362 - Bossland GmbH) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox (HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
GameMaker: Studio (HKLM-x32\...\Steam App 214850) (Version:  - YoYo Games Ltd.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GraphicsGale version 1.93.16 (HKLM-x32\...\GraphicsGale_is1) (Version:  - HUMANBALANCE Co.,Ltd.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
ITbrain Agent (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
ITbrain Agent (x32 Version: 1.0.0 - TeamViewer) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.670 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Logiciel Logitech Unifying 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Ma-Config.com (64 bits) (HKLM\...\{2D5F92C8-4CF7-4E02-A5A8-2E1DBD8CECD8}) (Version: 7.0.150 - Cybelsoft)
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 33.0 (x86 fr) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 fr)) (Version: 33.0 - Mozilla)
Nmap 6.46 (HKLM-x32\...\Nmap) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{8D5D54B8-3D29-4AB4-8DA8-1868DAF941D8}) (Version: 4.01.9714 - Apache Software Foundation)
ORION: Dino Horde (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.11.2.26318 - Grinding Gear Games)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
Resource Tuner 1.99 R6 (HKLM-x32\...\Resource Tuner_is1) (Version: 1.99.6 - Heaventools Software)
Satsuki Decoder Pack (HKLM-x32\...\Satsuki Decoder Pack) (Version: 5101 - Satsuki Yatoshi'S Softs)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version:  - Obsidian Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
TinyWall (HKLM-x32\...\{42349E9E-3D70-4B67-B0D6-CCF14399CF56}) (Version: 2.1.5.0 - Károly Pados)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.3020.11 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.11 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (fr-FR) (x32 Version: 13.0.3020.11 - TuneUp Software) Hidden
Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Weezo (HKLM-x32\...\Weezo_is1) (Version: 4.3.0 - Peer 2 World)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{a7602e27-6fa8-4ea3-bf95-f71953fc5b64}) (Version: 8.100.26898 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.10 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.2 - win.rar GmbH)
Wireshark 1.10.8 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.8 - The Wireshark developer community, http://www.wireshark.org)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry.
Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1189660985-1833294608-1615783760-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\vorsc_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189660985-1833294608-1615783760-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vorsc_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189660985-1833294608-1615783760-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vorsc_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189660985-1833294608-1615783760-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vorsc_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189660985-1833294608-1615783760-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vorsc_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189660985-1833294608-1615783760-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vorsc_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189660985-1833294608-1615783760-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vorsc_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189660985-1833294608-1615783760-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vorsc_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1189660985-1833294608-1615783760-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\vorsc_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points  =========================
23-12-2014 17:08:34 Removed HP Update.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {7560E5A9-7CEB-474B-B45D-9DCCDEB0DC5A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E237B46F-BE0B-4E8C-8D4F-C8DDE80A80D5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
==================== Loaded Modules (whitelisted) =============
2014-12-16 23:12 - 2014-12-16 23:12 - 00084184 _____ () C:\Windows\assembly\GAC_MSIL\TinyWall.XmlSerializers\2.1.5.0__d9a8adbcd0c171b3\TinyWall.XmlSerializers.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-07-31 17:43 - 2011-10-30 10:24 - 00193536 _____ () E:\Program Files\WinRAR\rarext.dll
2014-12-16 23:18 - 2008-04-19 17:35 - 00080384 _____ () E:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2013-07-31 23:13 - 2013-07-31 23:14 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-07-31 15:18 - 2014-12-17 15:15 - 00227000 _____ () C:\Users\vorsc_000\AppData\Roaming\Dashlane\Dashlane.exe
2014-01-20 12:42 - 2014-12-17 15:15 - 00232632 _____ () C:\Users\vorsc_000\AppData\Roaming\Dashlane\DashlanePlugin.exe
2014-12-12 22:05 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 22:05 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-06-12 00:32 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-06-12 00:32 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\vorsc_000\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-12-17 15:13 - 2014-12-17 15:13 - 00307384 _____ () C:\Users\vorsc_000\AppData\Roaming\Dashlane\3.2.0.75825\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.2.0.75825.dll
2014-12-17 15:13 - 2014-12-17 15:13 - 00417976 _____ () C:\Users\vorsc_000\AppData\Roaming\Dashlane\3.2.0.75825\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.2.0.75825.dll
2014-12-17 15:13 - 2014-12-17 15:13 - 00442040 _____ () C:\Users\vorsc_000\AppData\Roaming\Dashlane\3.2.0.75825\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.2.0.75825.dll
2014-12-17 15:13 - 2014-12-17 15:13 - 30868152 _____ () C:\Users\vorsc_000\AppData\Roaming\Dashlane\3.2.0.75825\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.2.0.75825.dll
2014-12-17 15:13 - 2014-12-17 15:13 - 00266936 _____ () C:\Users\vorsc_000\AppData\Roaming\Dashlane\3.2.0.75825\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.2.0.75825.dll
2014-12-17 15:13 - 2014-12-17 15:13 - 05802168 _____ () C:\Users\vorsc_000\AppData\Roaming\Dashlane\3.2.0.75825\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.2.0.75825.dll
2014-12-17 15:13 - 2014-12-17 15:13 - 06570680 _____ () C:\Users\vorsc_000\AppData\Roaming\Dashlane\3.2.0.75825\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.2.0.75825.dll
2014-12-17 15:13 - 2014-12-17 15:13 - 12216504 _____ () 
C:\Users\vorsc_000\AppData\Roaming\Dashlane\3.2.0.75825\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.2.0.75825.dll2014-12-17 15:13 - 2014-12-17 15:13 - 02047672 _____ () C:\Users\vorsc_000\AppData\Roaming\Dashlane\3.2.0.75825\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.2.0.75825.dll2014-12-17 15:13 - 2014-12-17 15:13 - 00183992 _____ () C:\Users\vorsc_000\AppData\Roaming\Dashlane\3.2.0.75825\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.2.0.75825.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00138752 ____N () E:\Program Files (x86)\Dofus2\transition\libupdater.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00056832 ____N () E:\Program Files (x86)\Dofus2\transition\qjson.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00068096 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\core.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00051712 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\network_proxy.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00055296 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\diagnostic_tool.dll2014-08-20 17:09 - 2014-08-20 17:09 - 01243648 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\dofusinterface.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00349184 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\eggsshelf.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00027136 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\notifications.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00027136 ____N () E:\Program Files (x86)\Dofus2\transition\naughty.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00018432 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\opengl_diagnostic.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00051200 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\optionsdialog.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00033280 ____N () E:\Program 
Files (x86)\Dofus2\transition\plugins\updater\systray.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00012288 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\uniqueinstance.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00012800 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\windowstaskbar.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00057856 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\dofusgamelauncher.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00033792 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\ga.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00018432 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\localserver.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00046080 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\systemconfiguration.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00070144 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\update.dll2014-08-20 17:09 - 2014-08-20 17:09 - 00025600 ____N () E:\Program Files (x86)\Dofus2\transition\plugins\updater\updatemonitoring.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"HKLM\...\StartupApproved\Run: => "IAStorIcon"HKLM\...\StartupApproved\Run32: => "SearchProtectAll"HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"HKLM\...\StartupApproved\Run32: => "Adobe ARM"HKLM\...\StartupApproved\Run32: => "HP Software Update"HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\StartupApproved\Run: => "uTorrent"HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\StartupApproved\Run: => "Steam"HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\StartupApproved\Run: => "FreeAC"HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\StartupApproved\Run: => "SearchProtect"HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\StartupApproved\Run: => "QuteCom"HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\StartupApproved\Run: => "YoloMouse"HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\StartupApproved\Run: => "GoogleDriveSync"========================= Accounts: ==========================Administrateur (S-1-5-21-1189660985-1833294608-1615783760-500 - Administrator - Disabled)Camille (S-1-5-21-1189660985-1833294608-1615783760-1001 - Administrator - Enabled) => C:\Users\vorsc_000HomeGroupUser$ (S-1-5-21-1189660985-1833294608-1615783760-1004 - Limited - Enabled)Invité (S-1-5-21-1189660985-1833294608-1615783760-501 - Limited - Disabled)VPN_User (S-1-5-21-1189660985-1833294608-1615783760-1006 - Limited - Enabled)==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (12/21/2014 04:11:57 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Nom de l’application défaillante MsMpEng.exe, version : 4.6.305.0, 
horodatage : 0x53f7bfb6Nom du module défaillant : KERNELBASE.dll, version : 6.2.9200.16864, horodatage : 0x531d34d8Code d’exception : 0x80000003Décalage d’erreur : 0x00000000000a8b12ID du processus défaillant : 0x8d8Heure de début de l’application défaillante : 0xMsMpEng.exe0Chemin d’accès de l’application défaillante : MsMpEng.exe1Chemin d’accès du module défaillant: MsMpEng.exe2ID de rapport : MsMpEng.exe3Nom complet du package défaillant : MsMpEng.exe4ID de l’application relative au package défaillant : MsMpEng.exe5Error: (12/18/2014 00:18:10 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Nom de l’application défaillante TuneUpSystemStatusCheck.exe, version : 13.0.3020.11, horodatage : 0x510a3e0eNom du module défaillant : combase.dll, version : 6.2.9200.16420, horodatage : 0x505a976eCode d’exception : 0xc0000005Décalage d’erreur : 0x0001334fID du processus défaillant : 0xec8Heure de début de l’application défaillante : 0xTuneUpSystemStatusCheck.exe0Chemin d’accès de l’application défaillante : TuneUpSystemStatusCheck.exe1Chemin d’accès du module défaillant: TuneUpSystemStatusCheck.exe2ID de rapport : TuneUpSystemStatusCheck.exe3Nom complet du package défaillant : TuneUpSystemStatusCheck.exe4ID de l’application relative au package défaillant : TuneUpSystemStatusCheck.exe5Error: (12/18/2014 00:15:53 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Nom de l’application défaillante TuneUpUtilitiesService64.exe, version : 13.0.3020.11, horodatage : 0x510a3e8fNom du module défaillant : TuneUpUtilitiesService64.exe, version : 13.0.3020.11, horodatage : 0x510a3e8fCode d’exception : 0xc0000417Décalage d’erreur : 0x000000000016d544ID du processus défaillant : 0xb3cHeure de début de l’application défaillante : 0xTuneUpUtilitiesService64.exe0Chemin d’accès de l’application défaillante : TuneUpUtilitiesService64.exe1Chemin d’accès du module défaillant: TuneUpUtilitiesService64.exe2ID de rapport : TuneUpUtilitiesService64.exe3Nom 
complet du package défaillant : TuneUpUtilitiesService64.exe4ID de l’application relative au package défaillant : TuneUpUtilitiesService64.exe5Error: (12/11/2014 07:33:58 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Nom de l’application défaillante AutoKMS.exe, version : 2.5.1.0, horodatage : 0x5329f349Nom du module défaillant : KERNELBASE.dll, version : 6.2.9200.16864, horodatage : 0x531d34d8Code d’exception : 0xe0434352Décalage d’erreur : 0x0000000000047b8cID du processus défaillant : 0x4fcHeure de début de l’application défaillante : 0xAutoKMS.exe0Chemin d’accès de l’application défaillante : AutoKMS.exe1Chemin d’accès du module défaillant: AutoKMS.exe2ID de rapport : AutoKMS.exe3Nom complet du package défaillant : AutoKMS.exe4ID de l’application relative au package défaillant : AutoKMS.exe5Error: (12/11/2014 07:33:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application : AutoKMS.exeVersion du Framework : v4.0.30319Description : le processus a été arrêté en raison d'une exception non gérée.Informations sur l'exception : System.Runtime.InteropServices.COMExceptionPile :   à ..(System.String, System.String, System.String, .)   à ...ctor()   à ..(.)   
à ..()Error: (12/08/2014 08:57:33 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Nom de l’application défaillante chrome.exe, version : 39.0.2171.71, horodatage : 0x547407a7Nom du module défaillant : ntdll.dll, version : 6.2.9200.17046, horodatage : 0x53b485c4Code d’exception : 0xc0000374Décalage d’erreur : 0x000daa14ID du processus défaillant : 0x1fdcHeure de début de l’application défaillante : 0xchrome.exe0Chemin d’accès de l’application défaillante : chrome.exe1Chemin d’accès du module défaillant: chrome.exe2ID de rapport : chrome.exe3Nom complet du package défaillant : chrome.exe4ID de l’application relative au package défaillant : chrome.exe5Error: (12/07/2014 07:33:04 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Nom de l’application défaillante chrome.exe, version : 39.0.2171.71, horodatage : 0x547407a7Nom du module défaillant : ntdll.dll, version : 6.2.9200.17046, horodatage : 0x53b485c4Code d’exception : 0xc0000374Décalage d’erreur : 0x000daa14ID du processus défaillant : 0x27f0Heure de début de l’application défaillante : 0xchrome.exe0Chemin d’accès de l’application défaillante : chrome.exe1Chemin d’accès du module défaillant: chrome.exe2ID de rapport : chrome.exe3Nom complet du package défaillant : chrome.exe4ID de l’application relative au package défaillant : chrome.exe5Error: (12/07/2014 00:34:59 PM) (Source: .NET Runtime) (EventID: 1022) (User: )Description: .NET Runtime version 4.0.30319.18449 - Échec de l'initialisation de l'infrastructure d'attachement de l'API de profilage. Ce processus ne permet pas l'attachement d'un profileur. HRESULT : 0x80004005.  ID de processus (décimal) : 7380. Id de message : [0x2509].Error: (12/07/2014 00:34:06 PM) (Source: .NET Runtime) (EventID: 1022) (User: )Description: .NET Runtime version 4.0.30319.18449 - Échec de l'initialisation de l'infrastructure d'attachement de l'API de profilage. Ce processus ne permet pas l'attachement d'un profileur. HRESULT : 0x80004005.  
ID de processus (décimal) : 7776. Id de message : [0x2509].Error: (12/07/2014 10:09:47 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Nom de l’application défaillante chrome.exe, version : 39.0.2171.71, horodatage : 0x547407a7Nom du module défaillant : ntdll.dll, version : 6.2.9200.17046, horodatage : 0x53b485c4Code d’exception : 0xc0000374Décalage d’erreur : 0x000daa14ID du processus défaillant : 0x2070Heure de début de l’application défaillante : 0xchrome.exe0Chemin d’accès de l’application défaillante : chrome.exe1Chemin d’accès du module défaillant: chrome.exe2ID de rapport : chrome.exe3Nom complet du package défaillant : chrome.exe4ID de l’application relative au package défaillant : chrome.exe5System errors:=============Error: (12/23/2014 09:09:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )Description: Le service MBAMService s’est terminé de façon inattendue pour la 1ème fois.Error: (12/23/2014 06:14:11 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOPTWO)Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}Error: (12/23/2014 05:58:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: Le service HP Network Devices Support est en attente de démarrage.Error: (12/23/2014 05:54:14 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOPTWO)Description: propres à l’applicationLocalExécution{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LaptopTwoCamilleS-1-5-21-1189660985-1833294608-1615783760-1001LocalHost (avec LRPC)Non disponibleNon disponibleError: (12/23/2014 05:54:14 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOPTWO)Description: propres à l’applicationLocalExécution{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LaptopTwoCamilleS-1-5-21-1189660985-1833294608-1615783760-1001LocalHost (avec LRPC)Non disponibleNon disponibleError: (12/23/2014 05:54:13 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOPTWO)Description: propres à 
l’applicationLocalExécution{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LaptopTwoCamilleS-1-5-21-1189660985-1833294608-1615783760-1001LocalHost (avec LRPC)Non disponibleNon disponibleError: (12/23/2014 05:54:12 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOPTWO)Description: propres à l’applicationLocalExécution{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LaptopTwoCamilleS-1-5-21-1189660985-1833294608-1615783760-1001LocalHost (avec LRPC)Non disponibleNon disponibleError: (12/23/2014 05:54:12 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOPTWO)Description: propres à l’applicationLocalExécution{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LaptopTwoCamilleS-1-5-21-1189660985-1833294608-1615783760-1001LocalHost (avec LRPC)Non disponibleNon disponibleError: (12/23/2014 05:54:12 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOPTWO)Description: propres à l’applicationLocalExécution{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}LaptopTwoCamilleS-1-5-21-1189660985-1833294608-1615783760-1001LocalHost (avec LRPC)Non disponibleNon disponibleError: (12/22/2014 05:54:50 AM) (Source: volsnap) (EventID: 36) (User: )Description: Les clichés instantanés du volume C: ont été annulés car le stockage du cliché instantané n’a pas pu s’agrandir en raison d’une limite utilisateur.Microsoft Office Sessions:=========================Error: (12/21/2014 04:11:57 PM) (Source: Application Error) (EventID: 1000) (User: )Description: MsMpEng.exe4.6.305.053f7bfb6KERNELBASE.dll6.2.9200.16864531d34d88000000300000000000a8b128d801d01cb2d4cf5e1cC:\Program Files\Windows Defender\MsMpEng.exeC:\Windows\system32\KERNELBASE.dllb3f1b429-8923-11e4-bf26-f46d04f8e638Error: (12/18/2014 00:18:10 AM) (Source: Application Error) (EventID: 1000) (User: )Description: TuneUpSystemStatusCheck.exe13.0.3020.11510a3e0ecombase.dll6.2.9200.16420505a976ec00000050001334fec801d01a4f42cf909aE:\Program Files 
(x86)\TuneUp Utilities 2013\TuneUpSystemStatusCheck.exeC:\Windows\SYSTEM32\combase.dllf6baebe2-8642-11e4-bf25-f46d04f8e638Error: (12/18/2014 00:15:53 AM) (Source: Application Error) (EventID: 1000) (User: )Description: TuneUpUtilitiesService64.exe13.0.3020.11510a3e8fTuneUpUtilitiesService64.exe13.0.3020.11510a3e8fc0000417000000000016d544b3c01d0197b8a2bb779E:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exeE:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exea52981bf-8642-11e4-bf25-f46d04f8e638Error: (12/11/2014 07:33:58 PM) (Source: Application Error) (EventID: 1000) (User: )Description: AutoKMS.exe2.5.1.05329f349KERNELBASE.dll6.2.9200.16864531d34d8e04343520000000000047b8c4fc01d0157058736ad1C:\Windows\AutoKMS\AutoKMS.exeC:\Windows\system32\KERNELBASE.dll44a912c0-8164-11e4-bf22-f46d04f8e638Error: (12/11/2014 07:33:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: )Description: Application : AutoKMS.exeVersion du Framework : v4.0.30319Description : le processus a été arrêté en raison d'une exception non gérée.Informations sur l'exception : System.Runtime.InteropServices.COMExceptionPile :   à ..(System.String, System.String, System.String, .)   à ...ctor()   à ..(.)   
à ..()Error: (12/08/2014 08:57:33 PM) (Source: Application Error) (EventID: 1000) (User: )Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.2.9200.1704653b485c4c0000374000daa141fdc01d0124c4b769ff6C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll72834012-7f14-11e4-bf21-f46d04f8e638Error: (12/07/2014 07:33:04 PM) (Source: Application Error) (EventID: 1000) (User: )Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.2.9200.1704653b485c4c0000374000daa1427f001d011fea034f49cC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll7ab5ae78-7e3f-11e4-bf21-f46d04f8e638Error: (12/07/2014 00:34:59 PM) (Source: .NET Runtime) (EventID: 1022) (User: )Description: .NET Runtime version 4.0.30319.18449 - Échec de l'initialisation de l'infrastructure d'attachement de l'API de profilage. Ce processus ne permet pas l'attachement d'un profileur. HRESULT : 0x80004005.  ID de processus (décimal) : 7380. Id de message : [0x2509].Error: (12/07/2014 00:34:06 PM) (Source: .NET Runtime) (EventID: 1022) (User: )Description: .NET Runtime version 4.0.30319.18449 - Échec de l'initialisation de l'infrastructure d'attachement de l'API de profilage. Ce processus ne permet pas l'attachement d'un profileur. HRESULT : 0x80004005.  ID de processus (décimal) : 7776. Id de message : [0x2509].Error: (12/07/2014 10:09:47 AM) (Source: Application Error) (EventID: 1000) (User: )Description: chrome.exe39.0.2171.71547407a7ntdll.dll6.2.9200.1704653b485c4c0000374000daa14207001d011c1950536d3C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dllca00704a-7df0-11e4-bf21-f46d04f8e638CodeIntegrity Errors:===================================  Date: 2014-12-23 18:15:29.384  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\Drivers\vfilter.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHzPercentage of memory in use: 41%Total physical RAM: 3948.54 MBAvailable physical RAM: 2316.63 MBTotal Pagefile: 5036.54 MBAvailable Pagefile: 2584.21 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.74 MB==================== Drives ================================Drive c: (HDD - OS) (Fixed) (Total:38.72 GB) (Free:7.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive e: (HDD - SOFT) (Fixed) (Total:146.48 GB) (Free:74.44 GB) NTFSDrive f: (HDD - DATA ) (Fixed) (Total:371.56 GB) (Free:322.72 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (Size: 596.2 GB) (Disk ID: EF24B474)Partition 1: (Active) - (Size=38.7 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=39.1 GB) - (Type=83)Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=371.6 GB) - (Type=OF Extended)==================== End Of Log ============================

Please do not put logs between quote/code tags. Uninstall the following programs:

  • TuneUp Utilities 2013
  • SUPERAntiSpyware [Malwarebytes' Anti-Malware will suffice]

  • Step #2 P2P Warning

    IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    • µTorrent
    I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.

    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

    My recommendation is that you uninstall the programs listed above. If you choose not to remove them, please do not use them until this computer is clean.


  • Step #3 Fix with FRST

    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.

    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --

      Start
      CreateRestorePoint:
      Closeprocesses:
      Emptytemp:
      HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\MountPoints2: {81e4dd30-ff14-11e3-becf-f46d04f8e638} - "explorer.exe" http://www.ca-nmp.fr/nouveauclient.html
      IFEO\AcroRd32.exe: [Debugger] "E:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
      IFEO\iastorui.exe: [Debugger] "E:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
      IFEO\mcdetection.exe: [Debugger] "E:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
      IFEO\mcsettings.exe: [Debugger] "E:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
      IFEO\yolomouse.exe: [Debugger] "E:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      C:\Users\vorsc_000\AppData\Local\Temp\dwl35ED.tmp.exe
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.

  • Step #4 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.

  • Step #5 ESET Online Scanner

    Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.

    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and condition and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.

  • Required Log(s):
    • FRST Fix Log
    • Malwarebytes' Anti-Malware Fix Log
    • ESET Fix Log
Regards,

Valinorum


Here are the logs you required. 

 

FRST

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2014
Ran by Camille at 2014-12-24 08:15:56 Run:1
Running from F:\Mes Documents\Browser Downloads
Loaded Profiles: Camille &  (Available profiles: Camille)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
Closeprocesses:
Emptytemp:
HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\...\MountPoints2: {81e4dd30-ff14-11e3-becf-f46d04f8e638} - "explorer.exe" http://www.ca-nmp.fr/nouveauclient.html
IFEO\AcroRd32.exe: [Debugger] "E:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\iastorui.exe: [Debugger] "E:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\mcdetection.exe: [Debugger] "E:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\mcsettings.exe: [Debugger] "E:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
IFEO\yolomouse.exe: [Debugger] "E:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\vorsc_000\AppData\Local\Temp\dwl35ED.tmp.exe
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1189660985-1833294608-1615783760-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e4dd30-ff14-11e3-becf-f46d04f8e638}" => Key deleted successfully.
HKCR\CLSID\{81e4dd30-ff14-11e3-becf-f46d04f8e638} => Key not found. 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\AcroRd32.exe" => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iastorui.exe => Key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mcdetection.exe => Key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mcsettings.exe => Key not found. 
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\yolomouse.exe => Key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\Users\vorsc_000\AppData\Local\Temp\dwl35ED.tmp.exe => Moved successfully.
EmptyTemp: => Removed 644.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 08:17:26 ====
 
MBAM
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 24/12/2014
Scan Time: 08:22:39
Logfile: mBAM.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.24.02
Rootkit Database: v2014.12.23.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Camille
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325472
Time Elapsed: 20 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET
 
C:\Program Files (x86)\Conduit\CT3281675\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application deleted - quarantined
E:\ProgramData\.clamwin\quarantine\Mdlae.exe.infected a variant of Generik.EMRBBRJ trojan cleaned by deleting - quarantined
E:\ToolBox\PoE_Multi.EXE a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application deleted - quarantined
F:\Torrents\Finished\Microsoft Office Pro 20.10.iso Win32/HackKMS.A potentially unsafe application deleted - quarantined
 

Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.


♣ Removal of Tools and Quarantined Files ♣


Although the tools we have used are clean, they are powerful removal tools, made so that they carry out any commands given to them without (in most cases) asking for confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system, as dormant malware can be as bad as active malware if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.

  • Cleanup with DelFix

    Please download DelFix by Xplode to your Desktop.

    Download Link

    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply

♣ Prevention and Future Guidelines ♣


Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see your PC infected by malware again.

  • Keep Windows up-to-date.

    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.

  • Run antivirus software and keep it up-to-date, too.

    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!

  • Keep your web browser plugins and other programs updated also.

    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security device too. I like it, but it is not for everyone because it requires you to take action if you want to see some things (pop-ups, banners, etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the NoScript icon down on the right-hand side of your computer.

  • Watch out for a new threat named CryptoLocker

    CryptoLocker is a new type of ransomware-family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system, but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and that you practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.

    How to prevent your computer from becoming infected by CryptoLocker.

  • And last of all, surf smart.

    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,

Valinorum


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
