
again with IE thinks every download is a virus.. but probably more [So



#1
vrainewb

Hello,
I was trying to follow some sort of step by step "removal guide" for a way to get rid of the systematic "file contained a virus and was deleted" problem (with IE) from some other website, and well, when I used, cautiously I think, ComboFix, the app just seemed to vanish very rapidly after (or during) the early step of backing up registry. (I'm not sure, I went away for a few minutes and when I came back it had just vanished, with no trace.)
After that I found your great site/forum (which I wish I would have found earlier). Anyways I've read All downloads say and at least another one that seemed almost similar but that was handled quite differently, and at least the first one made it clear that it was a personal solution for a singular problem.. so well I'm making a request for help for a similar problem.

Anyways, I'm trying to fix my girlfriend's laptop with this problem, so I'll try to resume it:
(Windows 7)
- IE 10 is saying every download is a virus, so every download ends up disappearing.
- every zip file downloaded from Chrome (as an alternative) ends up being impossible to open anyways.
- Windows Defender appears as a blank page in Control Panel (I'm pretty sure that's been like that for a while - it looks like it has been poorly deleted). It doesn't appear in the applications in the start menu, but the folders are there in the Program Files folders. (also I can rename the folder as a temporary workaround to download with IE)
- a real hard time downloading updates to M$ Security Essentials (I must say I've tried a few antivirus/antispyware apps in the process with mixed results.. anyways; it did update definitions last time for a first).
- also Action Center seems to be broken (it says there's a problem but if I click on 'Show Details', nothing happens, and the rest is useless as well).
- Chrome seems to be acting like IE as well suddenly.

I must add that the first things I did before that were to install free AVG (scanned and removed 2 supposed trojans, 2 instances of something called Cryptor, and something else called Luhe.Fiha.A (I think)).
Then I tried SuperAntiSpyware, got rid of tons of cookies with it and of residues of the Babylon toolbar thing.
Then I used a Kaspersky bootable disk that got rid of three other things (oh, that one targeted some segment of Java installed).
I also scanned with Spybot S&D after that, which listed lots of registry keys and registry changes; I didn't do anything with that because I wasn't too sure about that. I merely used it to clean up residues of yontoo.pagerage, complitly and another Toolbar called Montera.

So here we are now; I'm calling geekstogo for help.
Like I said earlier I don't know what caused ComboFix to vanish. I did stop the antivirus apps, but since I can't really access Windows Defender to stop it, I'm not sure if that's what caused that.

Thanks.


#2
vrainewb

Oh, OTL is scanning now; I will post it when it's done.

#3
vrainewb

Here's the OTL txt:


OTL logfile created on: 9/21/2013 4:51:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Catherine\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3.98 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 50.83% Memory free
7.95 Gb Paging File | 5.70 Gb Available in Paging File | 71.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 144.70 Gb Free Space | 48.54% Space Free | Partition Type: NTFS
Drive D: | 297.69 Gb Total Space | 118.67 Gb Free Space | 39.86% Space Free | Partition Type: NTFS
Drive F: | 14.53 Gb Total Space | 6.03 Gb Free Space | 41.52% Space Free | Partition Type: FAT32

Computer Name: MUMANDDAD | User Name: Catherine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/21 16:48:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Catherine\Desktop\OTL.exe
PRC - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/08/26 17:31:10 | 004,851,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/08/20 23:53:02 | 000,335,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
PRC - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/02/01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/14 05:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/03 08:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/16 04:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/08/04 11:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010/06/01 17:09:52 | 001,268,808 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2010/05/05 08:58:24 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
PRC - [2010/05/05 08:58:21 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2009/07/28 14:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/21 10:21:47 | 001,175,040 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\wx._core_.pyd
MOD - [2013/09/21 10:21:47 | 001,153,024 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\_ssl.pyd
MOD - [2013/09/21 10:21:47 | 001,062,400 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\wx._controls_.pyd
MOD - [2013/09/21 10:21:47 | 000,811,008 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\wx._windows_.pyd
MOD - [2013/09/21 10:21:47 | 000,805,888 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\wx._gdi_.pyd
MOD - [2013/09/21 10:21:47 | 000,735,232 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\wx._misc_.pyd
MOD - [2013/09/21 10:21:47 | 000,711,680 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\_hashlib.pyd
MOD - [2013/09/21 10:21:47 | 000,686,080 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\unicodedata.pyd
MOD - [2013/09/21 10:21:47 | 000,557,056 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\pysqlite2._sqlite.pyd
MOD - [2013/09/21 10:21:47 | 000,504,832 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\windows._cacheinvalidation.pyd
MOD - [2013/09/21 10:21:47 | 000,364,544 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\pythoncom27.dll
MOD - [2013/09/21 10:21:47 | 000,320,512 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\win32com.shell.shell.pyd
MOD - [2013/09/21 10:21:47 | 000,128,512 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\_elementtree.pyd
MOD - [2013/09/21 10:21:47 | 000,127,488 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\pyexpat.pyd
MOD - [2013/09/21 10:21:47 | 000,122,368 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\wx._wizard.pyd
MOD - [2013/09/21 10:21:47 | 000,119,808 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\win32file.pyd
MOD - [2013/09/21 10:21:47 | 000,110,080 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\pywintypes27.dll
MOD - [2013/09/21 10:21:47 | 000,108,544 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\win32security.pyd
MOD - [2013/09/21 10:21:47 | 000,098,816 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\win32api.pyd
MOD - [2013/09/21 10:21:47 | 000,087,040 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\_ctypes.pyd
MOD - [2013/09/21 10:21:47 | 000,070,656 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\wx._html2.pyd
MOD - [2013/09/21 10:21:47 | 000,044,032 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\_socket.pyd
MOD - [2013/09/21 10:21:47 | 000,038,912 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\win32inet.pyd
MOD - [2013/09/21 10:21:47 | 000,035,840 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\win32process.pyd
MOD - [2013/09/21 10:21:47 | 000,026,624 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\_multiprocessing.pyd
MOD - [2013/09/21 10:21:47 | 000,025,600 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\win32pdh.pyd
MOD - [2013/09/21 10:21:47 | 000,022,528 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\win32ts.pyd
MOD - [2013/09/21 10:21:47 | 000,018,432 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\win32event.pyd
MOD - [2013/09/21 10:21:47 | 000,017,408 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\win32profile.pyd
MOD - [2013/09/21 10:21:47 | 000,011,264 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\win32crypt.pyd
MOD - [2013/09/21 10:21:47 | 000,010,240 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI33042\select.pyd
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Catherine\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Catherine\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/11/01 18:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 18:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/05 08:58:24 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
MOD - [2010/05/05 08:58:21 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizard.dll
MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epfunct.dll
MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\eputil.dll
MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\imagutil.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
MOD - [2009/06/23 07:11:03 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epoemdll.dll
MOD - [2009/06/23 07:10:27 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
MOD - [2009/06/23 07:09:07 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizres.dll
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
MOD - [2009/04/28 03:56:28 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsmr.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsm.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/12/09 11:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 09:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 08:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/14 15:56:23 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2010/04/14 15:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV:64bit: - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RemoteAccess)
SRV - [2013/09/19 19:08:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/11 08:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 03:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/02/01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/14 05:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/04 11:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/04/14 15:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2010/04/14 15:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 10:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/22 23:25:44 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/08/22 23:08:14 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/08/22 22:55:04 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/22 22:54:54 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/08/01 16:06:28 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/08/01 16:04:56 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/09 18:16:13 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/27 07:58:08 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/08/02 12:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 13:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 13:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/12 11:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/04 19:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 04:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 14:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 10:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 08:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {26A80F12-DBF0-429A-B729-BF3D0AF906C9}
IE:64bit: - HKLM\..\SearchScopes\{26A80F12-DBF0-429A-B729-BF3D0AF906C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {26A80F12-DBF0-429A-B729-BF3D0AF906C9}
IE - HKLM\..\SearchScopes\{26A80F12-DBF0-429A-B729-BF3D0AF906C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/pl...s?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/pl...s?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com/
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://toshiba.fr.msn.com/
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 86 05 E5 0A 3A CE 01 [binary data]
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\..\SearchScopes\{4623C3CD-DFA9-44EA-BBCC-58EEA4CBC0B4}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\..\SearchScopes\{E4967BF9-F967-4E9E-980A-10510A98CE87}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@caminova.com/DjVuPlugin: C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/07/09 18:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google\u00A0Drive = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Skype Click to Call = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-415489914-3879192382-1900291337-1000..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKU\S-1-5-21-415489914-3879192382-1900291337-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-415489914-3879192382-1900291337-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-415489914-3879192382-1900291337-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKU\S-1-5-21-415489914-3879192382-1900291337-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-415489914-3879192382-1900291337-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en (DjVuCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00D3DC6-BCA2-4CA7-9311-571F1F423FA2}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/20 19:25:18 | 000,000,016 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - F:\AUTORUN_.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/21 16:48:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Catherine\Desktop\OTL.exe
[2013/09/20 22:22:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/20 20:51:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/20 20:51:35 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/09/20 20:40:40 | 005,128,554 | R--- | C] (Swearware) -- C:\Users\Catherine\Desktop\ComboFix.exe
[2013/09/20 19:44:43 | 000,000,000 | ---D | C] -- C:\Users\Catherine\Documents\pour virus et malwares
[2013/09/20 18:51:33 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/09/20 17:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/09/20 17:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/09/20 17:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/09/18 12:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/09/18 12:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/09/17 20:47:33 | 000,000,000 | ---D | C] -- C:\Users\Catherine\Documents\ProcAlyzer Dumps
[2013/09/17 20:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/09/17 20:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/17 20:45:20 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/09/17 20:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/17 14:53:33 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Roaming\SUPERAntiSpyware.com
[2013/09/17 14:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/09/17 14:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/09/17 14:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/17 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Roaming\AVG2014
[2013/09/17 12:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/17 12:23:49 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Roaming\TuneUp Software
[2013/09/17 12:23:35 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/17 12:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/09/17 12:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/09/17 12:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/09/17 12:00:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/17 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\MFAData
[2013/09/17 12:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/09/17 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\Avg2014
[2013/09/17 11:53:22 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2013/09/17 11:53:22 | 000,000,000 | ---D | C] -- C:\Windows\Logs
[2013/09/16 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\Macroplant_LLC
[2013/09/16 13:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
[2013/09/16 13:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iExplorer
[2013/08/31 10:45:16 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\{0CADF07A-4244-45D5-81A9-FD2F24321C21}
[2013/08/22 23:25:44 | 000,212,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/08/22 23:08:14 | 000,294,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/08/22 22:55:04 | 000,241,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/08/22 22:54:54 | 000,192,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/21 16:57:02 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/21 16:48:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Catherine\Desktop\OTL.exe
[2013/09/21 16:06:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/21 10:57:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/21 10:28:47 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/21 10:28:47 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/21 10:20:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/21 10:20:56 | 3203,735,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/20 19:29:22 | 001,549,746 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/20 19:29:22 | 000,704,714 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/09/20 19:29:22 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/20 19:29:22 | 000,130,988 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/09/20 19:29:22 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/20 10:49:24 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/19 06:06:44 | 005,128,554 | R--- | M] (Swearware) -- C:\Users\Catherine\Desktop\ComboFix.exe
[2013/09/18 12:57:56 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/17 21:56:43 | 000,000,545 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/17 20:45:30 | 000,001,386 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/17 12:23:54 | 000,000,226 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2013/09/12 19:37:40 | 000,000,338 | ---- | M] () -- C:\Users\Catherine\Documents\Tetro.cue
[2013/09/12 19:37:16 | 3566,075,903 | ---- | M] () -- C:\Users\Catherine\Documents\Tetro.iso
[2013/09/11 18:49:42 | 000,440,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/22 23:25:44 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/08/22 23:08:14 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/08/22 22:55:04 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/08/22 22:54:54 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/18 12:57:56 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/09/18 12:56:38 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/09/17 21:56:43 | 000,000,545 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/17 20:45:30 | 000,001,398 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/17 20:45:30 | 000,001,386 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/17 12:23:54 | 000,000,226 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2013/09/12 19:37:40 | 000,000,338 | ---- | C] () -- C:\Users\Catherine\Documents\Tetro.cue
[2013/09/12 19:04:03 | 3566,075,903 | ---- | C] () -- C:\Users\Catherine\Documents\Tetro.iso
[2012/06/11 04:48:28 | 000,003,584 | ---- | C] () -- C:\Users\Catherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/31 02:44:47 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/30 14:45:37 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2011/12/30 14:45:37 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2011/12/30 14:45:37 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2011/12/30 14:45:37 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll
[2011/12/30 14:45:37 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2011/12/30 14:45:37 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2011/12/30 14:45:37 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2011/12/30 14:45:36 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2011/12/30 14:45:36 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2011/12/30 14:45:36 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2011/12/30 14:45:36 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2011/12/30 14:45:36 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2011/12/30 14:45:36 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2011/12/30 14:45:36 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2011/12/30 14:45:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2011/12/30 14:45:35 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2011/12/30 14:45:35 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2011/12/30 14:45:35 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2011/12/30 14:45:35 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2011/12/30 14:45:35 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2011/12/30 14:45:35 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[2011/12/30 14:42:32 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
[2011/12/30 14:42:32 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
[2011/12/30 14:37:47 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll
[2011/12/30 14:37:47 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll
[2011/12/30 14:37:47 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll
[2011/12/30 12:40:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/12/30 12:15:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/30 12:15:56 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2011/12/30 12:15:52 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2011/09/27 08:21:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/09/27 08:07:14 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2013/09/08 23:36:17 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Local\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\L
[2013/09/20 22:24:09 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Local\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\U
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\desktop.in0
[2013/09/20 18:06:21 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/17 12:24:08 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\AVG2014
[2013/09/16 22:35:21 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Azureus
[2013/07/09 18:49:58 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\DAEMON Tools Lite
[2013/09/21 10:22:07 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Dropbox
[2013/07/11 22:33:59 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\EAC
[2012/04/20 12:56:19 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012/05/17 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Garmin
[2013/08/20 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Nico Mak Computing
[2013/07/18 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\OpenCandy
[2013/07/18 17:48:04 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Philipp Winterberg
[2011/12/30 12:47:08 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Toshiba
[2013/09/17 12:23:49 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\TuneUp Software
[2012/05/31 02:44:56 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WebPlayerBdd
[2013/07/19 13:55:47 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WildTangent
[2011/12/30 13:20:18 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WinBatch
[2011/12/31 10:21:20 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, I feel I know what the problem is, but I will need to run a different programme to confirm this.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#5
vrainewb

    Member

  • Topic Starter
  • 22 posts
Hi and thanks a lot for helping me out.

Sorry about the delay, I think I got to sleep just before you answered.

Here's the FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2013
Ran by Catherine (administrator) on MUMANDDAD on 22-09-2013 13:34:34
Running from C:\Users\Catherine\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: French Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
( ) C:\Windows\system32\lxebcoms.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
() C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Dropbox, Inc.) C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) c:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-05-03] (Toshiba Europe GmbH)
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [148280 2010-05-05] ()
HKLM\...\Run: [lxebmon.exe] - C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [770728 2010-05-05] ()
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20097696 2013-06-27] (Google)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-14] (SUPERAntiSpyware)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1406248 2011-01-07] (Nero AG)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4851248 2013-08-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/pl...s?touch=4&cat=1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/pl...s?touch=4&cat=1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://toshiba.fr.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x258605E50A3ACE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
SearchScopes: HKLM - DefaultScope {26A80F12-DBF0-429A-B729-BF3D0AF906C9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {26A80F12-DBF0-429A-B729-BF3D0AF906C9} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4623C3CD-DFA9-44EA-BBCC-58EEA4CBC0B4} URL = http://rover.ebay.co...e={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Skype Click to Call) - C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (Google Drive) - C:\Users\CATHER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Skype Click to Call) - C:\Users\CATHER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\CATHER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3534896 2013-08-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [300640 2013-08-20] (AVG Technologies CZ, s.r.o.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-09-05] (WildTangent)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.)
S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1052328 2010-04-14] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S2 lxdw_device; C:\Windows\system32\lxdwcoms.exe -service [x]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [x]
U4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\ \...\???\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-08-22] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-08-22] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-08-22] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-08-22] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-07-09] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-22 13:34 - 2013-09-22 13:34 - 00000000 ____D C:\FRST
2013-09-22 13:14 - 2013-09-22 13:14 - 01956670 _____ (Farbar) C:\Users\Catherine\Desktop\FRST64.exe
2013-09-21 19:42 - 2013-09-21 19:42 - 00002629 ____N C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2013-09-21 17:12 - 2013-09-21 17:12 - 00063136 _____ C:\Users\Catherine\Desktop\Extras.Txt
2013-09-21 17:07 - 2013-09-21 17:07 - 00118192 _____ C:\Users\Catherine\Desktop\OTL.Txt
2013-09-21 16:48 - 2013-09-21 16:48 - 00602112 _____ (OldTimer Tools) C:\Users\Catherine\Desktop\OTL.exe
2013-09-20 22:22 - 2013-09-20 22:22 - 00000000 ____D C:\Qoobox
2013-09-20 20:51 - 2013-09-20 22:32 - 00000000 ___SD C:\32788R22FWJFW
2013-09-20 20:51 - 2013-09-20 20:51 - 00000000 ____D C:\Windows\erdnt
2013-09-20 20:40 - 2013-09-19 06:06 - 05128554 ____R (Swearware) C:\Users\Catherine\Desktop\ComboFix.exe
2013-09-20 19:44 - 2013-09-20 19:45 - 00000000 ____D C:\Users\Catherine\Documents\pour virus et malwares
2013-09-20 19:40 - 2013-09-20 19:40 - 05128554 _____ (Swearware) C:\Users\Catherine\Downloads\ComboFix.exe
2013-09-20 18:51 - 2013-09-21 06:19 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-20 17:56 - 2013-09-20 18:07 - 00073060 _____ C:\Users\Catherine\Downloads\yorkyt.exe.log
2013-09-20 17:56 - 2013-09-20 17:56 - 01415784 _____ C:\Users\Catherine\Downloads\yorkyt.exe
2013-09-20 17:03 - 2013-09-20 17:03 - 00000000 ____D C:\ProgramData\Panda Security
2013-09-20 17:02 - 2013-09-20 17:02 - 00003108 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-09-20 17:02 - 2013-09-20 17:02 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-09-20 16:40 - 2013-09-20 16:41 - 00865272 _____ (Panda Security ) C:\Users\Catherine\Downloads\USBVaccine.exe
2013-09-18 13:26 - 2012-08-24 14:13 - 00154480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-09-18 13:26 - 2012-08-24 14:09 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-09-18 13:26 - 2012-08-24 14:05 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-09-18 13:26 - 2012-08-24 14:03 - 01448448 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-09-18 13:26 - 2012-08-24 12:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-09-18 13:26 - 2012-08-24 12:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-09-18 13:26 - 2012-08-24 12:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-09-18 12:57 - 2013-09-18 12:57 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-18 12:56 - 2013-09-18 12:56 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-18 12:56 - 2013-09-18 12:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-18 12:22 - 2012-05-04 07:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-09-18 12:22 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-09-17 22:06 - 2013-09-20 20:31 - 00002126 _____ C:\Windows\PFRO.log
2013-09-17 21:56 - 2013-09-17 21:56 - 00000545 _____ C:\Windows\wininit.ini
2013-09-17 20:47 - 2013-09-17 20:47 - 00000000 ____D C:\Users\Catherine\Documents\ProcAlyzer Dumps
2013-09-17 20:45 - 2013-09-18 13:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-17 20:45 - 2013-09-17 20:58 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-17 20:45 - 2013-09-17 20:45 - 00001386 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-17 20:45 - 2009-01-25 13:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2013-09-17 20:28 - 2013-09-17 20:28 - 00022743 _____ C:\Users\Catherine\Downloads\game.of.thrones.walk.of.punishment.(2013).eng.1cd.(5128330).zip
2013-09-17 14:53 - 2013-09-17 14:53 - 00000000 ____D C:\Users\Catherine\AppData\Roaming\SUPERAntiSpyware.com
2013-09-17 14:52 - 2013-09-17 14:53 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-17 14:52 - 2013-09-17 14:52 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-09-17 12:30 - 2013-09-17 12:32 - 00000189 _____ C:\Windows\system32\avgrep.txt
2013-09-17 12:24 - 2013-09-17 12:24 - 00000000 ____D C:\Users\Catherine\AppData\Roaming\AVG2014
2013-09-17 12:23 - 2013-09-17 12:35 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-17 12:23 - 2013-09-17 12:23 - 00000226 _____ C:\Windows\Tasks\SidebarExecute.job
2013-09-17 12:23 - 2013-09-17 12:23 - 00000000 ___HD C:\$AVG
2013-09-17 12:23 - 2013-09-17 12:23 - 00000000 ____D C:\Users\Catherine\AppData\Roaming\TuneUp Software
2013-09-17 12:23 - 2013-09-17 12:23 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-17 12:01 - 2013-09-17 12:01 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-17 12:00 - 2013-09-22 12:14 - 00000000 ____D C:\ProgramData\MFAData
2013-09-17 12:00 - 2013-09-17 12:30 - 00000000 ____D C:\Users\Catherine\AppData\Local\Avg2014
2013-09-17 12:00 - 2013-09-17 12:00 - 00000000 ____D C:\Users\Catherine\AppData\Local\MFAData
2013-09-17 11:55 - 2013-09-21 10:21 - 00001532 _____ C:\Windows\setupact.log
2013-09-17 11:55 - 2013-09-17 11:55 - 00000000 _____ C:\Windows\setuperr.log
2013-09-16 14:00 - 2013-09-16 14:00 - 00000000 ____D C:\Users\Catherine\AppData\Local\Macroplant_LLC
2013-09-16 13:57 - 2013-09-16 13:57 - 00000000 ____D C:\Program Files (x86)\iExplorer
2013-09-16 12:47 - 2013-09-16 12:47 - 00028696 _____ C:\Users\Catherine\Downloads\[kickass.to]breaking.bad.s05e14.hdtv.x264.asap.ettv.torrent
2013-09-12 19:37 - 2013-09-12 19:37 - 00000338 _____ C:\Users\Catherine\Documents\Tetro.cue
2013-09-12 19:04 - 2013-09-12 19:37 - 3566075904 _____ C:\Users\Catherine\Documents\Tetro.iso
2013-09-11 10:57 - 2013-08-10 01:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-11 10:57 - 2013-08-10 01:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-11 10:57 - 2013-08-10 01:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-11 10:57 - 2013-08-10 01:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-11 10:57 - 2013-08-10 01:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-11 10:57 - 2013-08-10 01:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-11 10:57 - 2013-08-10 01:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-11 10:57 - 2013-08-10 01:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-11 10:57 - 2013-08-10 01:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-11 10:57 - 2013-08-10 01:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-11 10:57 - 2013-08-10 01:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 10:57 - 2013-08-10 01:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-11 10:57 - 2013-08-10 01:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-11 10:57 - 2013-08-10 01:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-11 10:57 - 2013-08-09 23:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-11 10:57 - 2013-08-09 23:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-11 10:57 - 2013-08-09 23:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-11 10:57 - 2013-08-09 23:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-11 10:57 - 2013-08-09 23:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-11 10:57 - 2013-08-09 23:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-11 10:57 - 2013-08-09 23:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-11 10:57 - 2013-08-09 23:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 10:57 - 2013-08-09 23:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-11 10:57 - 2013-08-09 23:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-11 10:57 - 2013-08-09 23:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-11 10:57 - 2013-08-09 23:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-11 10:57 - 2013-08-09 23:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-11 10:57 - 2013-08-09 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-11 10:57 - 2013-08-09 22:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-11 10:57 - 2013-08-09 22:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 10:56 - 2013-08-09 23:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-11 09:25 - 2013-09-11 09:25 - 00021330 _____ C:\Users\Catherine\Downloads\Breaking Bad_5x13_HDTV.x264-EVOLVE.en.zip
2013-09-10 22:49 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-10 22:49 - 2013-08-01 22:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-10 22:49 - 2013-08-01 22:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-10 22:49 - 2013-08-01 22:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-10 22:49 - 2013-08-01 22:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-10 22:49 - 2013-08-01 22:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-10 22:49 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-10 22:49 - 2013-08-01 22:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-10 22:49 - 2013-08-01 22:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-10 22:49 - 2013-08-01 22:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-10 22:49 - 2013-08-01 21:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-10 22:49 - 2013-08-01 21:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 22:49 - 2013-08-01 21:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-10 22:49 - 2013-08-01 21:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-10 22:49 - 2013-08-01 21:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-10 22:49 - 2013-08-01 20:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-10 22:49 - 2013-08-01 20:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-10 22:49 - 2013-08-01 20:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-10 22:49 - 2013-08-01 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-10 22:49 - 2013-08-01 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-10 22:49 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 22:49 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 22:48 - 2013-08-07 21:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-10 22:48 - 2013-07-25 22:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-10 22:48 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-10 22:48 - 2013-07-25 21:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-10 22:48 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-08 11:51 - 2013-09-08 11:51 - 00117762 _____ C:\Users\Catherine\Downloads\[kickass.to]twin.peaks.season.1.complete.dvdrip.x264.mkv.by.riddlera.torrent
2013-08-31 10:45 - 2013-08-31 10:45 - 00000000 ____D C:\Users\Catherine\AppData\Local\{0CADF07A-4244-45D5-81A9-FD2F24321C21}

==================== One Month Modified Files and Folders =======

2013-09-22 13:34 - 2013-09-22 13:34 - 00000000 ____D C:\FRST
2013-09-22 13:33 - 2011-09-27 07:54 - 01499685 _____ C:\Windows\WindowsUpdate.log
2013-09-22 13:15 - 2011-02-11 12:16 - 00704714 _____ C:\Windows\system32\perfh00C.dat
2013-09-22 13:15 - 2011-02-11 12:16 - 00130988 _____ C:\Windows\system32\perfc00C.dat
2013-09-22 13:15 - 2009-07-14 01:13 - 01549746 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-22 13:14 - 2013-09-22 13:14 - 01956670 _____ (Farbar) C:\Users\Catherine\Desktop\FRST64.exe
2013-09-22 13:11 - 2012-12-21 17:58 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-22 13:11 - 2012-08-26 02:25 - 00001074 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-22 12:20 - 2012-08-26 02:25 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-22 12:14 - 2013-09-17 12:00 - 00000000 ____D C:\ProgramData\MFAData
2013-09-21 19:42 - 2013-09-21 19:42 - 00002629 ____N C:\Users\Public\Desktop\WildTangent Games App - toshiba.lnk
2013-09-21 19:42 - 2011-05-03 05:12 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2013-09-21 17:12 - 2013-09-21 17:12 - 00063136 _____ C:\Users\Catherine\Desktop\Extras.Txt
2013-09-21 17:07 - 2013-09-21 17:07 - 00118192 _____ C:\Users\Catherine\Desktop\OTL.Txt
2013-09-21 16:48 - 2013-09-21 16:48 - 00602112 _____ (OldTimer Tools) C:\Users\Catherine\Desktop\OTL.exe
2013-09-21 16:11 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-09-21 11:22 - 2011-12-30 12:35 - 00000000 ____D C:\Users\Catherine\AppData\Roaming\Skype
2013-09-21 10:28 - 2009-07-14 00:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-21 10:28 - 2009-07-14 00:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-21 10:22 - 2013-06-14 13:43 - 00000000 ___RD C:\Users\Catherine\Google Drive
2013-09-21 10:22 - 2012-09-02 13:07 - 00000000 ___RD C:\Users\Catherine\Dropbox
2013-09-21 10:22 - 2012-09-02 13:05 - 00000000 ____D C:\Users\Catherine\AppData\Roaming\Dropbox
2013-09-21 10:21 - 2013-09-17 11:55 - 00001532 _____ C:\Windows\setupact.log
2013-09-21 10:21 - 2011-12-30 14:46 - 00079495 _____ C:\ProgramData\lxebscan.log
2013-09-21 10:21 - 2009-07-14 01:08 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-21 10:21 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-21 06:19 - 2013-09-20 18:51 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-09-20 22:32 - 2013-09-20 20:51 - 00000000 ___SD C:\32788R22FWJFW
2013-09-20 22:22 - 2013-09-20 22:22 - 00000000 ____D C:\Qoobox
2013-09-20 20:51 - 2013-09-20 20:51 - 00000000 ____D C:\Windows\erdnt
2013-09-20 20:31 - 2013-09-17 22:06 - 00002126 _____ C:\Windows\PFRO.log
2013-09-20 19:45 - 2013-09-20 19:44 - 00000000 ____D C:\Users\Catherine\Documents\pour virus et malwares
2013-09-20 19:44 - 2013-07-11 21:04 - 00000000 ____D C:\Users\Catherine\Documents\M-A temporaire
2013-09-20 19:40 - 2013-09-20 19:40 - 05128554 _____ (Swearware) C:\Users\Catherine\Downloads\ComboFix.exe
2013-09-20 18:07 - 2013-09-20 17:56 - 00073060 _____ C:\Users\Catherine\Downloads\yorkyt.exe.log
2013-09-20 17:56 - 2013-09-20 17:56 - 01415784 _____ C:\Users\Catherine\Downloads\yorkyt.exe
2013-09-20 17:03 - 2013-09-20 17:03 - 00000000 ____D C:\ProgramData\Panda Security
2013-09-20 17:02 - 2013-09-20 17:02 - 00003108 _____ C:\Windows\System32\Tasks\PandaUSBVaccine
2013-09-20 17:02 - 2013-09-20 17:02 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2013-09-20 16:41 - 2013-09-20 16:40 - 00865272 _____ (Panda Security ) C:\Users\Catherine\Downloads\USBVaccine.exe
2013-09-20 10:49 - 2012-09-03 03:47 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-19 19:08 - 2012-12-21 17:58 - 00003940 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-19 19:08 - 2012-03-31 01:34 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-19 19:08 - 2012-01-07 02:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 14:09 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-09-19 06:06 - 2013-09-20 20:40 - 05128554 ____R (Swearware) C:\Users\Catherine\Desktop\ComboFix.exe
2013-09-19 00:33 - 2013-01-23 12:28 - 00000000 ____D C:\Users\Catherine\AppData\Roaming\vlc
2013-09-18 22:24 - 2013-04-02 18:39 - 00000000 ____D C:\Users\Catherine\Desktop\Sous titres
2013-09-18 13:36 - 2013-09-17 20:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-18 12:57 - 2013-09-18 12:57 - 00001912 _____ C:\Windows\epplauncher.mif
2013-09-18 12:56 - 2013-09-18 12:56 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-09-18 12:56 - 2013-09-18 12:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-17 21:56 - 2013-09-17 21:56 - 00000545 _____ C:\Windows\wininit.ini
2013-09-17 20:58 - 2013-09-17 20:45 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-09-17 20:47 - 2013-09-17 20:47 - 00000000 ____D C:\Users\Catherine\Documents\ProcAlyzer Dumps
2013-09-17 20:45 - 2013-09-17 20:45 - 00001386 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-09-17 20:28 - 2013-09-17 20:28 - 00022743 _____ C:\Users\Catherine\Downloads\game.of.thrones.walk.of.punishment.(2013).eng.1cd.(5128330).zip
2013-09-17 14:53 - 2013-09-17 14:53 - 00000000 ____D C:\Users\Catherine\AppData\Roaming\SUPERAntiSpyware.com
2013-09-17 14:53 - 2013-09-17 14:52 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-09-17 14:52 - 2013-09-17 14:52 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-09-17 12:35 - 2013-09-17 12:23 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-17 12:32 - 2013-09-17 12:30 - 00000189 _____ C:\Windows\system32\avgrep.txt
2013-09-17 12:30 - 2013-09-17 12:00 - 00000000 ____D C:\Users\Catherine\AppData\Local\Avg2014
2013-09-17 12:24 - 2013-09-17 12:24 - 00000000 ____D C:\Users\Catherine\AppData\Roaming\AVG2014
2013-09-17 12:23 - 2013-09-17 12:23 - 00000226 _____ C:\Windows\Tasks\SidebarExecute.job
2013-09-17 12:23 - 2013-09-17 12:23 - 00000000 ___HD C:\$AVG
2013-09-17 12:23 - 2013-09-17 12:23 - 00000000 ____D C:\Users\Catherine\AppData\Roaming\TuneUp Software
2013-09-17 12:23 - 2013-09-17 12:23 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-17 12:01 - 2013-09-17 12:01 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-17 12:00 - 2013-09-17 12:00 - 00000000 ____D C:\Users\Catherine\AppData\Local\MFAData
2013-09-17 11:55 - 2013-09-17 11:55 - 00000000 _____ C:\Windows\setuperr.log
2013-09-17 11:13 - 2012-05-06 05:40 - 00015372 _____ C:\ProgramData\lxeb.log
2013-09-16 22:35 - 2013-03-30 15:30 - 00000000 ____D C:\Users\Catherine\AppData\Roaming\Azureus
2013-09-16 14:00 - 2013-09-16 14:00 - 00000000 ____D C:\Users\Catherine\AppData\Local\Macroplant_LLC
2013-09-16 13:57 - 2013-09-16 13:57 - 00000000 ____D C:\Program Files (x86)\iExplorer
2013-09-16 12:47 - 2013-09-16 12:47 - 00028696 _____ C:\Users\Catherine\Downloads\[kickass.to]breaking.bad.s05e14.hdtv.x264.asap.ettv.torrent
2013-09-12 19:38 - 2013-04-01 22:49 - 00000000 ____D C:\Users\Catherine\AppData\Roaming\dvdcss
2013-09-12 19:37 - 2013-09-12 19:37 - 00000338 _____ C:\Users\Catherine\Documents\Tetro.cue
2013-09-12 19:37 - 2013-09-12 19:04 - 3566075904 _____ C:\Users\Catherine\Documents\Tetro.iso
2013-09-11 18:49 - 2011-12-30 11:58 - 00000000 ___RD C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-11 18:49 - 2011-12-30 11:55 - 00000000 ___RD C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-11 18:49 - 2009-07-14 00:45 - 00440440 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-11 10:56 - 2013-07-14 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-09-11 10:54 - 2011-12-30 13:12 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-11 09:25 - 2013-09-11 09:25 - 00021330 _____ C:\Users\Catherine\Downloads\Breaking Bad_5x13_HDTV.x264-EVOLVE.en.zip
2013-09-08 23:36 - 2012-08-26 02:25 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-08 23:36 - 2012-02-25 12:59 - 00000000 ____D C:\Users\Catherine\AppData\Local\Google
2013-09-08 11:51 - 2013-09-08 11:51 - 00117762 _____ C:\Users\Catherine\Downloads\[kickass.to]twin.peaks.season.1.complete.dvdrip.x264.mkv.by.riddlera.torrent
2013-08-31 10:45 - 2013-08-31 10:45 - 00000000 ____D C:\Users\Catherine\AppData\Local\{0CADF07A-4244-45D5-81A9-FD2F24321C21}
2013-08-26 16:53 - 2013-03-30 15:30 - 00000000 ____D C:\Program Files (x86)\Vuze

Files to move or delete:
====================
ZeroAccess:
C:\Users\Catherine\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-21 15:42

==================== End Of Log ============================



Now, Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2013
Ran by Catherine at 2013-09-22 13:36:13
Running from C:\Users\Catherine\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs ======================

Adobe AIR (x32 Version: 2.0.3.13070)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Reader X (10.1.8) - Français (x32 Version: 10.1.8)
Apple Application Support (x32 Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (x32 Version: 2.1.3.127)
AVG 2014 (Version: 14.0.3604)
AVG 2014 (Version: 14.0.4117)
AVG 2014 (Version: 2014.0.4117)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bejeweled 3 (x32 Version: 2.2.0.97)
Bonjour (Version: 3.0.0.10)
Chicken Invaders 3 - Revenge of the Yolk (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
D3DX10 (x32 Version: 15.4.2368.0902)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
Document Express DjVu Plug-in (x32 Version: 6.1.31831)
Dropbox (HKCU Version: 2.0.22)
Exact Audio Copy 1.0beta3 (x32 Version: 1.0beta3)
FATE (x32 Version: 2.2.0.97)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Free RAR Extract Frog (x32 Version: 5.20)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 29.0.1547.76)
Google Drive (x32 Version: 1.11.4865.2530)
Google Update Helper (x32 Version: 1.3.21.153)
Google Earth (x32 Version: 7.1.1.1888)
High-Definition Video Playback (x32 Version: 7.1.13900.47.0)
iExplorer 3.2.4.2 (x32)
Insaniquarium Deluxe (x32 Version: 2.2.0.97)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004)
IsoBuster 3.2 (x32 Version: 3.2)
iTunes (Version: 10.5.2.11)
Java Auto Updater (x32 Version: 2.0.2.1)
Java™ 6 Update 20 (x32 Version: 6.0.200)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lexmark (x32 Version: 1.0.0.0)
Lexmark Pro200-S500 Series
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2000 CD-ROM 2 (x32 Version: 9.00.2720)
Microsoft Office 2000 Professional (x32 Version: 9.00.2720)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 9.0.21022)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mises à jour NVIDIA 1.5.20 (Version: 1.5.20)
Module de compatibilité pour Microsoft Office System 2007 (x32 Version: 12.0.6612.1000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyPDFConverter (x32 Version: 2.5906.00026)
Nero 10 Movie ThemePack Basic (x32 Version: 10.2.10000.0.0)
Nero BackItUp 10 (x32 Version: 5.6.11500.16.100)
Nero BackItUp 10 Help (CHM) (x32 Version: 10.5.10600)
Nero BurnRights 10 (x32 Version: 4.2.10500.1.102)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10600)
Nero Control Center 10 (x32 Version: 10.6.12000.0.0)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10600)
Nero Core Components 10 (x32 Version: 2.0.18700.9.1)
Nero Express 10 (x32 Version: 10.2.12000.21.100)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10600)
Nero InfoTool 10 (x32 Version: 7.2.10400.5.100)
Nero InfoTool 10 Help (CHM) (x32 Version: 10.5.10600)
Nero MediaHub 10 (x32 Version: 1.2.13300.36.100)
Nero MediaHub 10 Help (CHM) (x32 Version: 10.5.10600)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.14800)
Nero RescueAgent 10 (x32 Version: 3.2.10800.9.100)
Nero RescueAgent 10 Help (CHM) (x32 Version: 10.5.10600)
Nero StartSmart 10 (x32 Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10600)
Nero Update (x32 Version: 1.0.10300.25.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA Pilote audio HD : 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Pilote du contrôleur 3D Vision 285.62 (Version: 285.62)
NVIDIA Pilote graphique 285.62 (Version: 285.62)
NVIDIA Update Components (Version: 1.5.20)
Panda USB Vaccine 1.0.1.16 (x32)
Panneau de configuration NVIDIA 285.62 (Version: 285.62)
Penguins! (x32 Version: 2.2.0.95)
Photo Service - powered by myphotobook (x32 Version: 1.2.0)
Photo Service - powered by myphotobook (x32 Version: 1.2.0-545)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.97)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6307)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30123)
Realtek WLAN Driver (x32 Version: 2.00.0013)
Skype Click to Call (x32 Version: 6.3.11079)
Skype™ 6.6 (x32 Version: 6.6.106)
Slingo Deluxe (x32 Version: 2.2.0.95)
Sony RAW Driver (x32 Version: 2.0.00.08130)
SoulSeek 157 NS 13e (x32)
Spybot - Search & Destroy (x32 Version: 2.1.21)
SUPERAntiSpyware (Version: 5.6.1032)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TOSHIBA Assist (x32 Version: 4.02.02)
TOSHIBA ConfigFree (x32 Version: 8.0.38)
TOSHIBA Disc Creator (Version: 2.1.0.6 for x64)
TOSHIBA Face Recognition (Version: 3.1.8.64)
TOSHIBA Face Recognition (x32 Version: 3.1.8.64)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.34C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.7)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7)
Toshiba Manuals (x32 Version: 10.02)
TOSHIBA Media Controller (x32 Version: 1.0.86.2)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.6.1)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.3.10010)
TOSHIBA ReelTime (Version: 1.7.17.64)
TOSHIBA ReelTime (x32 Version: 1.7.17.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.0)
TOSHIBA Service Station (x32 Version: 2.2.9)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C)
TOSHIBA TEMPRO (x32 Version: 3.35)
TOSHIBA Value Added Package (Version: 1.5.4.64)
TOSHIBA Value Added Package (x32 Version: 1.5.4.64)
TOSHIBA Web Camera Application (x32 Version: 2.0.1.5)
TRORMCLauncher (Version: 1.0.0.10)
TRORMCLauncher (x32 Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Utility Common Driver (x32 Version: 1.0.52.2C)
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi (x32 Version: 15.4.5722.2)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.0.5 (x32 Version: 2.0.5)
Vuze (x32 Version: 4.9.0.0)
Wedding Dash 2 - Rings Around the World (x32 Version: 2.2.0.95)
WildTangent Games (x32 Version: 1.0.2.5)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20)
Windows Live (x32 Version: 15.4.3555.0308)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zuma Deluxe (x32 Version: 2.2.0.95)
بريد Windows Live (x32 Version: 15.4.3502.0922)
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (x32 Version: 15.4.5722.2)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points =========================

21-06-2013 19:41:13 Windows Update
25-06-2013 15:17:13 Windows Update
26-06-2013 04:38:39 Windows Update
29-06-2013 14:54:37 Windows Update
01-07-2013 18:02:37 Windows Update
05-07-2013 14:42:41 Windows Update
09-07-2013 13:57:40 Windows Update
09-07-2013 22:15:45 SPTD setup V1.83
12-07-2013 07:00:14 Windows Update
14-07-2013 07:00:23 Windows Update
19-07-2013 11:23:58 Windows Update
23-07-2013 14:22:57 Windows Update
24-07-2013 22:56:23 Windows Update
30-07-2013 19:19:45 Windows Update
05-08-2013 01:53:52 Installed Document Express DjVu Plug-in
07-08-2013 03:47:11 Windows Update
13-08-2013 13:40:06 Windows Update
15-08-2013 03:07:57 Windows Update
20-08-2013 13:17:14 Windows Update
23-08-2013 13:53:00 Windows Update
27-08-2013 13:13:54 Windows Update
30-08-2013 14:29:25 Windows Update
03-09-2013 21:35:43 Windows Update
11-09-2013 14:51:38 Windows Update
12-09-2013 22:31:46 Windows Update
12-09-2013 23:50:32 Windows Update
15-09-2013 18:52:02 Windows Update
16-09-2013 13:48:38 Windows Update
16-09-2013 14:08:55 Windows Update
16-09-2013 15:47:55 Windows Update
17-09-2013 14:52:53 Windows Update
17-09-2013 15:53:14 Windows Update
17-09-2013 18:24:33 Windows Update
17-09-2013 18:38:29 Windows Update
18-09-2013 02:03:51 Windows Update
18-09-2013 16:22:42 Windows Update
18-09-2013 16:26:05 Windows Update
18-09-2013 17:27:10 Windows Update
19-09-2013 17:37:14 Windows Update
20-09-2013 21:57:00 Panda ZAcccess init
20-09-2013 22:05:49 Panda ZAcccess Cleanup

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {0FCF8193-9434-4D3F-9F46-39266A7D07F5} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {1DC6E58D-9D61-4A2B-BBE1-3C5127A73324} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe
Task: {25787A81-046A-489B-85D3-5A14EB194EC1} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 7600 Series\ezprint.exe
Task: {63867E0A-58C6-4DE4-90B4-96F3C5B0154D} - System32\Tasks\4795 => C:\Users\CATHER~1\AppData\Local\Temp\launchie.vbsC:\Users\CATHER~1\AppData\Local\Temp\launchie.vbs //B
Task: {65C6D60A-A558-43B6-A201-0FB3C87B8DEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19] (Adobe Systems Incorporated)
Task: {684AF4DC-AF5E-445C-9D11-91C4D4D98220} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26] (Google Inc.)
Task: {71BE7054-1EBD-43F0-9D0D-57CB37CE8EB2} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {95D11C0F-5434-4431-BAEE-340456D8A6B3} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {AAA7E05A-7A70-46EC-96F5-3D91A1ECE0FC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {AD8A6219-1C58-40FC-BF3A-9DBFD3426A9A} - System32\Tasks\0 => Iexplore.exe
Task: {AF9440A7-639B-41B8-A669-4000630F70EF} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()
Task: {B68C352B-BD71-468A-81DF-D08E07E4B54C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26] (Google Inc.)
Task: {BA385DFF-7AAB-4A90-B332-A8814ED459BB} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2010-12-03] (TOSHIBA CORPORATION)
Task: {EC285FCB-E1AD-4EDE-8649-C0BA093092AD} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) ======


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2013 10:22:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2013 10:48:03 PM) (Source: TOSHIBA Service Station) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (09/20/2013 10:47:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2013 10:24:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2013 10:22:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2013 09:48:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2013 08:33:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2013 06:05:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2013 04:20:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8486

Error: (09/20/2013 04:20:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8486


System errors:
=============
Error: (09/22/2013 01:32:42 PM) (Source: Service Control Manager) (User: )
Description: Le service Fournisseur HomeGroup dépend du service Publication des ressources de découverte de fonctions qui n’a pas pu démarrer en raison de l’erreur :
%%-2147024891

Error: (09/22/2013 01:32:42 PM) (Source: Service Control Manager) (User: )
Description: Le service Publication des ressources de découverte de fonctions s’est arrêté avec l’erreur :
%%-2147024891

Error: (09/22/2013 01:11:44 PM) (Source: Service Control Manager) (User: )
Description: Le service Publication des ressources de découverte de fonctions s’est arrêté avec l’erreur :
%%-2147024891

Error: (09/22/2013 01:11:44 PM) (Source: Service Control Manager) (User: )
Description: Le service Fournisseur HomeGroup dépend du service Publication des ressources de découverte de fonctions qui n’a pas pu démarrer en raison de l’erreur :
%%-2147024891

Error: (09/22/2013 00:09:27 PM) (Source: Service Control Manager) (User: )
Description: Le service Fournisseur HomeGroup dépend du service Publication des ressources de découverte de fonctions qui n’a pas pu démarrer en raison de l’erreur :
%%-2147024891

Error: (09/22/2013 00:09:27 PM) (Source: Service Control Manager) (User: )
Description: Le service Publication des ressources de découverte de fonctions s’est arrêté avec l’erreur :
%%-2147024891

Error: (09/22/2013 00:35:44 AM) (Source: Service Control Manager) (User: )
Description: Le service Publication des ressources de découverte de fonctions s’est arrêté avec l’erreur :
%%-2147024891

Error: (09/22/2013 00:35:44 AM) (Source: Service Control Manager) (User: )
Description: Le service Fournisseur HomeGroup dépend du service Publication des ressources de découverte de fonctions qui n’a pas pu démarrer en raison de l’erreur :
%%-2147024891

Error: (09/22/2013 00:20:22 AM) (Source: Service Control Manager) (User: )
Description: Le service Fournisseur HomeGroup dépend du service Publication des ressources de découverte de fonctions qui n’a pas pu démarrer en raison de l’erreur :
%%-2147024891

Error: (09/22/2013 00:20:22 AM) (Source: Service Control Manager) (User: )
Description: Le service Publication des ressources de découverte de fonctions s’est arrêté avec l’erreur :
%%-2147024891


Microsoft Office Sessions:
=========================


==================== Memory info ===========================

Percentage of memory in use: 63%
Total physical RAM: 4073.76 MB
Available physical RAM: 1493.7 MB
Total Pagefile: 8145.71 MB
Available Pagefile: 5228.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:298.09 GB) (Free:140.4 GB) NTFS
Drive d: (Data) (Fixed) (Total:297.69 GB) (Free:118.67 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: DFA3549C)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================



Thanks again

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As I thought, this is the latest version of ZeroAccess.

Download the attached fixlist.txt to the same location as FRST
[attachment=66647:fixlist.txt]
Run FRST and press Fix
A fix log will be generated; please post that

THEN

We will get a fresh OTL log to sweep up

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window.
  • Post both logs


#7
vrainewb

    Member

  • Topic Starter
  • Member
  • 22 posts
Gee that was fast. Thanks.

Here's Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-09-2013
Ran by Catherine at 2013-09-22 17:22:00 Run:1
Running from C:\Users\Catherine\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
U4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\ \...\???\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Users\Catherine\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
*etadpug => Service deleted successfully.
C:\Users\Catherine\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.

==== End of Fixlog ====


I'm gonna do the OTL thing right away.

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The downloads should be OK now as that was the main bad boy. I will be online for the next 30 minutes or so :)

#9
vrainewb

    Member

  • Topic Starter
  • Member
  • 22 posts
Hello again,

I'm not sure if I did something wrong, but the scan took nearly half an hour. Here's the OTL log:


OTL logfile created on: 9/22/2013 5:34:14 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Catherine\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3.98 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 35.39% Memory free
7.95 Gb Paging File | 5.03 Gb Available in Paging File | 63.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 140.40 Gb Free Space | 47.10% Space Free | Partition Type: NTFS
Drive D: | 297.69 Gb Total Space | 118.67 Gb Free Space | 39.86% Space Free | Partition Type: NTFS

Computer Name: MUMANDDAD | User Name: Catherine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/21 16:48:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Catherine\Desktop\OTL.exe
PRC - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/08/26 17:31:10 | 004,851,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/08/20 23:53:02 | 000,335,408 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe
PRC - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/02/01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/14 05:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/03 08:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/16 04:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/08/04 11:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010/06/01 17:09:52 | 001,268,808 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2010/05/05 08:58:24 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
PRC - [2010/05/05 08:58:21 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2009/07/28 14:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========



========== Services (SafeList) ==========

SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/12/09 11:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 09:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 08:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/14 15:56:23 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2010/04/14 15:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV:64bit: - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RemoteAccess)
SRV - [2013/09/19 19:08:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 20:41:08 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/11 08:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 03:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/02/01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/14 05:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/04 11:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/04/14 15:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2010/04/14 15:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 10:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/22 23:25:44 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/08/22 23:08:14 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/08/22 22:55:04 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/22 22:54:54 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/08/01 16:06:28 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/08/01 16:04:56 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/09 18:16:13 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/27 07:58:08 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/08/02 12:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 13:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 13:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/12 11:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/04 19:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 04:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 14:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 10:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 08:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {26A80F12-DBF0-429A-B729-BF3D0AF906C9}
IE:64bit: - HKLM\..\SearchScopes\{26A80F12-DBF0-429A-B729-BF3D0AF906C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {26A80F12-DBF0-429A-B729-BF3D0AF906C9}
IE - HKLM\..\SearchScopes\{26A80F12-DBF0-429A-B729-BF3D0AF906C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/pl...s?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/pl...s?touch=4&cat=1 [binary data]
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com/
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://toshiba.fr.msn.com/
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 86 05 E5 0A 3A CE 01 [binary data]
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\..\SearchScopes\{4623C3CD-DFA9-44EA-BBCC-58EEA4CBC0B4}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\..\SearchScopes\{E4967BF9-F967-4E9E-980A-10510A98CE87}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@caminova.com/DjVuPlugin: C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/07/09 18:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google\u00A0Drive = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Skype Click to Call = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-415489914-3879192382-1900291337-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-415489914-3879192382-1900291337-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-415489914-3879192382-1900291337-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en (DjVuCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00D3DC6-BCA2-4CA7-9311-571F1F423FA2}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: Remoteaccess - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/09/22 13:34:21 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/22 13:14:19 | 001,956,670 | ---- | C] (Farbar) -- C:\Users\Catherine\Desktop\FRST64.exe
[2013/09/21 16:48:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Catherine\Desktop\OTL.exe
[2013/09/20 22:22:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/20 20:51:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/20 20:51:35 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/09/20 20:40:40 | 005,128,554 | R--- | C] (Swearware) -- C:\Users\Catherine\Desktop\ComboFix.exe
[2013/09/20 19:44:43 | 000,000,000 | ---D | C] -- C:\Users\Catherine\Documents\pour virus et malwares
[2013/09/20 18:51:33 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/09/20 17:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/09/20 17:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/09/20 17:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/09/18 13:26:58 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/09/18 12:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/09/18 12:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/09/18 12:22:26 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/09/18 12:22:26 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/09/17 20:47:33 | 000,000,000 | ---D | C] -- C:\Users\Catherine\Documents\ProcAlyzer Dumps
[2013/09/17 20:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/09/17 20:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/17 20:45:20 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/09/17 20:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/17 14:53:33 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Roaming\SUPERAntiSpyware.com
[2013/09/17 14:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/09/17 14:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/09/17 14:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/17 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Roaming\AVG2014
[2013/09/17 12:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/17 12:23:49 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Roaming\TuneUp Software
[2013/09/17 12:23:35 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/17 12:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/09/17 12:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/09/17 12:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/09/17 12:00:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/17 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\MFAData
[2013/09/17 12:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/09/17 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\Avg2014
[2013/09/17 11:53:22 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2013/09/17 11:53:22 | 000,000,000 | ---D | C] -- C:\Windows\Logs
[2013/09/16 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\Macroplant_LLC
[2013/09/16 13:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
[2013/09/16 13:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iExplorer
[2013/09/11 10:57:17 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 10:57:16 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/11 10:57:15 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/11 10:57:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/11 10:57:15 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/11 10:57:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/11 10:57:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/11 10:57:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/11 10:57:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/11 10:57:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/11 10:57:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/11 10:57:14 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/11 10:57:13 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/11 10:57:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/11 10:57:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/10 22:49:10 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/10 22:49:08 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/10 22:49:08 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/10 22:49:08 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/10 22:49:07 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/10 22:49:07 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/10 22:49:07 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/10 22:49:07 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/10 22:49:07 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/10 22:49:07 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/10 22:49:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/10 22:49:06 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/10 22:49:06 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/10 22:49:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/10 22:49:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/10 22:49:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/10 22:49:06 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/10 22:49:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/10 22:49:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/10 22:49:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/10 22:49:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/10 22:49:06 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/10 22:49:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/10 22:49:06 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/10 22:49:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/10 22:49:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/10 22:49:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/10 22:49:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/10 22:49:06 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/10 22:49:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/10 22:49:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/10 22:49:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/10 22:49:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/10 22:49:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/10 22:49:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/10 22:49:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/10 22:49:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/10 22:49:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/10 22:49:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/10 22:49:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/10 22:48:54 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/08/31 10:45:16 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\{0CADF07A-4244-45D5-81A9-FD2F24321C21}
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/22 17:06:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/22 16:57:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/22 13:36:53 | 001,549,746 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/22 13:36:53 | 000,704,714 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/09/22 13:36:53 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/22 13:36:53 | 000,130,988 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/09/22 13:36:53 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/22 13:32:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/22 13:14:25 | 001,956,670 | ---- | M] (Farbar) -- C:\Users\Catherine\Desktop\FRST64.exe
[2013/09/22 12:20:51 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/21 16:48:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Catherine\Desktop\OTL.exe
[2013/09/21 10:28:47 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/21 10:28:47 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/21 10:20:56 | 3203,735,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/20 10:49:24 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/19 19:08:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/19 19:08:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/19 06:06:44 | 005,128,554 | R--- | M] (Swearware) -- C:\Users\Catherine\Desktop\ComboFix.exe
[2013/09/18 12:57:56 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/17 21:56:43 | 000,000,545 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/17 20:45:30 | 000,001,386 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/17 12:23:54 | 000,000,226 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2013/09/12 19:37:40 | 000,000,338 | ---- | M] () -- C:\Users\Catherine\Documents\Tetro.cue
[2013/09/12 19:37:16 | 3566,075,903 | ---- | M] () -- C:\Users\Catherine\Documents\Tetro.iso
[2013/09/11 18:49:42 | 000,440,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/18 12:57:56 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/09/18 12:56:38 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/09/17 21:56:43 | 000,000,545 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/17 20:45:30 | 000,001,398 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/17 20:45:30 | 000,001,386 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/17 12:23:54 | 000,000,226 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2013/09/12 19:37:40 | 000,000,338 | ---- | C] () -- C:\Users\Catherine\Documents\Tetro.cue
[2013/09/12 19:04:03 | 3566,075,903 | ---- | C] () -- C:\Users\Catherine\Documents\Tetro.iso
[2012/06/11 04:48:28 | 000,003,584 | ---- | C] () -- C:\Users\Catherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/31 02:44:47 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/30 14:45:37 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2011/12/30 14:45:37 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2011/12/30 14:45:37 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2011/12/30 14:45:37 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll
[2011/12/30 14:45:37 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2011/12/30 14:45:37 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2011/12/30 14:45:37 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2011/12/30 14:45:36 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2011/12/30 14:45:36 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2011/12/30 14:45:36 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2011/12/30 14:45:36 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2011/12/30 14:45:36 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2011/12/30 14:45:36 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2011/12/30 14:45:36 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2011/12/30 14:45:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2011/12/30 14:45:35 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2011/12/30 14:45:35 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2011/12/30 14:45:35 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2011/12/30 14:45:35 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2011/12/30 14:45:35 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2011/12/30 14:45:35 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[2011/12/30 14:42:32 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
[2011/12/30 14:42:32 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
[2011/12/30 14:37:47 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll
[2011/12/30 14:37:47 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll
[2011/12/30 14:37:47 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll
[2011/12/30 12:40:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/12/30 12:15:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/30 12:15:56 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2011/12/30 12:15:52 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2011/09/27 08:21:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/09/27 08:07:14 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\desktop.in0
[2013/09/20 18:06:21 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/17 12:24:08 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\AVG2014
[2013/09/16 22:35:21 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Azureus
[2013/07/09 18:49:58 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\DAEMON Tools Lite
[2013/09/21 10:22:07 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Dropbox
[2013/07/11 22:33:59 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\EAC
[2012/04/20 12:56:19 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012/05/17 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Garmin
[2013/08/20 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Nico Mak Computing
[2013/07/18 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\OpenCandy
[2013/07/18 17:48:04 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Philipp Winterberg
[2011/12/30 12:47:08 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Toshiba
[2013/09/17 12:23:49 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\TuneUp Software
[2012/05/31 02:44:56 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WebPlayerBdd
[2013/07/19 13:55:47 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WildTangent
[2011/12/30 13:20:18 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WinBatch
[2011/12/31 10:21:20 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 23:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 23:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 01:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 23:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 23:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV:64bit: - [2010/11/20 23:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 23:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 23:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 23:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 23:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 23:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 23:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 23:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 23:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 23:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 23:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 23:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 23:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV:64bit: - [2010/11/20 23:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 23:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 23:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 23:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 23:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< dir "%systemdrive%\*" /S /A:L /C >
Le volume dans le lecteur C s'appelle WINDOWS
Le numéro de série du volume est F0A5-F8D9
Répertoire de C:\
14/07/2009 01:08 <JONCTION> Documents and Settings [C:\Users]
0 fichier(s) 0 octets
Répertoire de C:\Program Files\Windows Defender
11/02/2011 12:15 <SYMLINKD> fr-FR [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
27/05/2013 01:50 <SYMLINK> MpClient.dll [c:\windows\system32\config]
13/07/2009 21:39 <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
27/05/2013 01:50 <SYMLINK> MpCommu.dll [c:\windows\system32\config]
13/07/2009 21:29 <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MpOAV.dll [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MpRTP.dll [c:\windows\system32\config]
27/05/2013 01:50 <SYMLINK> MpSvc.dll [c:\windows\system32\config]
13/07/2009 21:39 <SYMLINK> MSASCui.exe [c:\windows\system32\config]
20/11/2010 23:24 <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
13/07/2009 21:29 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
12 fichier(s) 3 919 360 octets
Répertoire de C:\ProgramData
14/07/2009 01:08 <JONCTION> Application Data [C:\ProgramData]
14/07/2009 01:08 <JONCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 01:08 <JONCTION> Documents [C:\Users\Public\Documents]
14/07/2009 01:08 <JONCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 01:08 <JONCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 01:08 <JONCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
Répertoire de C:\Users
14/07/2009 01:08 <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 01:08 <JONCTION> Default User [C:\Users\Default]
0 fichier(s) 0 octets
Répertoire de C:\Users\All Users
14/07/2009 01:08 <JONCTION> Application Data [C:\ProgramData]
14/07/2009 01:08 <JONCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 01:08 <JONCTION> Documents [C:\Users\Public\Documents]
14/07/2009 01:08 <JONCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 01:08 <JONCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 01:08 <JONCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
Répertoire de C:\Users\Catherine
30/12/2011 11:55 <JONCTION> Application Data [C:\Users\Catherine\AppData\Roaming]
30/12/2011 11:55 <JONCTION> Cookies [C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Cookies]
30/12/2011 11:55 <JONCTION> Local Settings [C:\Users\Catherine\AppData\Local]
30/12/2011 11:55 <JONCTION> Menu Démarrer [C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu]
30/12/2011 11:55 <JONCTION> Mes documents [C:\Users\Catherine\Documents]
30/12/2011 11:55 <JONCTION> Modèles [C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Templates]
30/12/2011 11:55 <JONCTION> Recent [C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Recent]
30/12/2011 11:55 <JONCTION> SendTo [C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\SendTo]
30/12/2011 11:55 <JONCTION> Voisinage d'impression [C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/12/2011 11:55 <JONCTION> Voisinage réseau [C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
Répertoire de C:\Users\Catherine\AppData\Local
30/12/2011 11:55 <JONCTION> Application Data [C:\Users\Catherine\AppData\Local]
30/12/2011 11:55 <JONCTION> Historique [C:\Users\Catherine\AppData\Local\Microsoft\Windows\History]
30/12/2011 11:55 <JONCTION> Temporary Internet Files [C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
Répertoire de C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu
30/12/2011 11:55 <JONCTION> Programmes [C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
Répertoire de C:\Users\Catherine\Documents
30/12/2011 11:55 <JONCTION> Ma musique [C:\Users\Catherine\Music]
30/12/2011 11:55 <JONCTION> Mes images [C:\Users\Catherine\Pictures]
30/12/2011 11:55 <JONCTION> Mes vidéos [C:\Users\Catherine\Videos]
0 fichier(s) 0 octets
Répertoire de C:\Users\Default
14/07/2009 01:08 <JONCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 01:08 <JONCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 01:08 <JONCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 01:08 <JONCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 01:08 <JONCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 01:08 <JONCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 01:08 <JONCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 01:08 <JONCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 01:08 <JONCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 01:08 <JONCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
Répertoire de C:\Users\Default\AppData\Local
14/07/2009 01:08 <JONCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 01:08 <JONCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 01:08 <JONCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
Répertoire de C:\Users\Default\Documents
14/07/2009 01:08 <JONCTION> My Music [C:\Users\Default\Music]
14/07/2009 01:08 <JONCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 01:08 <JONCTION> My Videos [C:\Users\Default\Videos]
0 fichier(s) 0 octets
Répertoire de C:\Users\Public\Documents
14/07/2009 01:08 <JONCTION> My Music [C:\Users\Public\Music]
14/07/2009 01:08 <JONCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 01:08 <JONCTION> My Videos [C:\Users\Public\Videos]
0 fichier(s) 0 octets
Répertoire de C:\Users\UpdatusUser
30/12/2011 13:54 <JONCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]
30/12/2011 13:54 <JONCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]
30/12/2011 13:54 <JONCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]
30/12/2011 13:54 <JONCTION> Menu Démarrer [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]
30/12/2011 13:54 <JONCTION> Mes documents [C:\Users\UpdatusUser\Documents]
30/12/2011 13:54 <JONCTION> Modèles [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]
30/12/2011 13:54 <JONCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]
30/12/2011 13:54 <JONCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]
30/12/2011 13:54 <JONCTION> Voisinage d'impression [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/12/2011 13:54 <JONCTION> Voisinage réseau [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
0 fichier(s) 0 octets
Répertoire de C:\Users\UpdatusUser\AppData\Local
30/12/2011 13:54 <JONCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]
30/12/2011 13:54 <JONCTION> Historique [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]
30/12/2011 13:54 <JONCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
Répertoire de C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu
30/12/2011 13:54 <JONCTION> Programmes [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs]
0 fichier(s) 0 octets
Répertoire de C:\Users\UpdatusUser\Documents
30/12/2011 13:54 <JONCTION> Ma musique [C:\Users\UpdatusUser\Music]
30/12/2011 13:54 <JONCTION> Mes images [C:\Users\UpdatusUser\Pictures]
30/12/2011 13:54 <JONCTION> Mes vidéos [C:\Users\UpdatusUser\Videos]
0 fichier(s) 0 octets
Répertoire de C:\Windows\System32\config\systemprofile
27/09/2011 08:19 <JONCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
27/09/2011 08:19 <JONCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
27/09/2011 08:19 <JONCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
27/09/2011 08:19 <JONCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
27/09/2011 08:19 <JONCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
27/09/2011 08:19 <JONCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
27/09/2011 08:19 <JONCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
27/09/2011 08:19 <JONCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
27/09/2011 08:19 <JONCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
27/09/2011 08:19 <JONCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
Répertoire de C:\Windows\System32\config\systemprofile\AppData\Local
27/09/2011 08:19 <JONCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
27/09/2011 08:19 <JONCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
27/09/2011 08:19 <JONCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
Répertoire de C:\Windows\System32\config\systemprofile\Documents
27/09/2011 08:19 <JONCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
27/09/2011 08:19 <JONCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
27/09/2011 08:19 <JONCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 fichier(s) 0 octets
Répertoire de C:\Windows\SysWOW64\config\systemprofile
27/09/2011 08:19 <JONCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
27/09/2011 08:19 <JONCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
27/09/2011 08:19 <JONCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
27/09/2011 08:19 <JONCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
27/09/2011 08:19 <JONCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
27/09/2011 08:19 <JONCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
27/09/2011 08:19 <JONCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
27/09/2011 08:19 <JONCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
27/09/2011 08:19 <JONCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
27/09/2011 08:19 <JONCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 fichier(s) 0 octets
Répertoire de C:\Windows\SysWOW64\config\systemprofile\AppData\Local
27/09/2011 08:19 <JONCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
27/09/2011 08:19 <JONCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
27/09/2011 08:19 <JONCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 fichier(s) 0 octets
Répertoire de C:\Windows\SysWOW64\config\systemprofile\Documents
27/09/2011 08:19 <JONCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
27/09/2011 08:19 <JONCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
27/09/2011 08:19 <JONCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 fichier(s) 0 octets
Répertoire de C:\Windows\winsxs\amd64_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_118cf1dcd54a3dea
13/07/2009 21:29 <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
1 fichier(s) 52 224 octets
Répertoire de C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306
13/07/2009 21:41 <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
13/07/2009 21:39 <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MpOAV.dll [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MpRTP.dll [c:\windows\system32\config]
13/07/2009 21:39 <SYMLINK> MSASCui.exe [c:\windows\system32\config]
20/11/2010 23:24 <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
13/07/2009 21:29 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
8 fichier(s) 1 968 640 octets
Répertoire de C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55
13/07/2009 21:41 <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
27/05/2013 01:50 <SYMLINK> MpClient.dll [c:\windows\system32\config]
13/07/2009 21:39 <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
27/05/2013 01:50 <SYMLINK> MpCommu.dll [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MpOAV.dll [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MpRTP.dll [c:\windows\system32\config]
27/05/2013 01:50 <SYMLINK> MpSvc.dll [c:\windows\system32\config]
13/07/2009 21:39 <SYMLINK> MSASCui.exe [c:\windows\system32\config]
20/11/2010 23:24 <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
13/07/2009 21:29 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
11 fichier(s) 3 867 136 octets
Répertoire de C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca
13/07/2009 21:41 <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
13/07/2009 21:39 <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MpOAV.dll [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MpRTP.dll [c:\windows\system32\config]
13/07/2009 21:39 <SYMLINK> MSASCui.exe [c:\windows\system32\config]
20/11/2010 23:24 <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
13/07/2009 21:29 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
8 fichier(s) 1 968 640 octets
Total des fichiers listés :
40 fichier(s) 11 776 000 octets
101 Rép(s) 155 674 685 440 octets libres

< End of report >


Thank you very much :)
  • 0

#10
vrainewb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
One other thing though.

The download problem persists. (I tried downloading from here: OTL download page, and IE replied with the usual deletion message.)
  • 0


#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, you were hit by a double whammy, as it were, hence the need to run the long OTL scan.

Let's now remove the other elements; this time you should be able to do downloads.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-415489914-3879192382-1900291337-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\desktop.in0

:Files
fsutil reparsepoint delete "C:\Program Files\Windows Defender\fr-FR" /c 
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpAsDesc.dll" /c 
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpClient.dll" /c 
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCmdRun.exe" /c 
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCommu.dll" /c 
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpEvMsg.dll" /c 
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpOAV.dll" /c 
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRTP.dll" /c 
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll" /c 
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MSASCui.exe" /c 
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpCom.dll" /c 
fsutil reparsepoint delete "C:\Program Files\Windows DefenderMsMpLics.dll" /c 
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpRes.dll" /c 

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#12
vrainewb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello,

OTL is running now, and it has been at the [emptytemp] stage for something like 2 hours and a half (well, it's either that or the [resethosts] stage, depending on whether what's left in the custom fixes window is the actual process in course or the next one to come).

Is this a normal behavior?

Thanks
  • 0

#13
vrainewb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello again,

It's fine, it took roughly 4 hours for that last step.

On reboot OTL came up with this in Notepad:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-415489914-3879192382-1900291337-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ not found.
C:\Windows\assembly\desktop.in0 moved successfully.
========== FILES ==========
< fsutil reparsepoint delete "C:\Program Files\Windows Defender\fr-FR" /c >
C:\Users\Catherine\Desktop\cmd.bat deleted successfully.
C:\Users\Catherine\Desktop\cmd.txt deleted successfully.
< fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpAsDesc.dll" /c >
C:\Users\Catherine\Desktop\cmd.bat deleted successfully.
C:\Users\Catherine\Desktop\cmd.txt deleted successfully.
< fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpClient.dll" /c >
C:\Users\Catherine\Desktop\cmd.bat deleted successfully.
C:\Users\Catherine\Desktop\cmd.txt deleted successfully.
< fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCmdRun.exe" /c >
C:\Users\Catherine\Desktop\cmd.bat deleted successfully.
C:\Users\Catherine\Desktop\cmd.txt deleted successfully.
< fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCommu.dll" /c >
C:\Users\Catherine\Desktop\cmd.bat deleted successfully.
C:\Users\Catherine\Desktop\cmd.txt deleted successfully.
< fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpEvMsg.dll" /c >
C:\Users\Catherine\Desktop\cmd.bat deleted successfully.
C:\Users\Catherine\Desktop\cmd.txt deleted successfully.
< fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpOAV.dll" /c >
C:\Users\Catherine\Desktop\cmd.bat deleted successfully.
C:\Users\Catherine\Desktop\cmd.txt deleted successfully.
< fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpRTP.dll" /c >
C:\Users\Catherine\Desktop\cmd.bat deleted successfully.
C:\Users\Catherine\Desktop\cmd.txt deleted successfully.
< fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpSvc.dll" /c >
C:\Users\Catherine\Desktop\cmd.bat deleted successfully.
C:\Users\Catherine\Desktop\cmd.txt deleted successfully.
< fsutil reparsepoint delete "C:\Program Files\Windows Defender\MSASCui.exe" /c >
C:\Users\Catherine\Desktop\cmd.bat deleted successfully.
C:\Users\Catherine\Desktop\cmd.txt deleted successfully.
< fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpCom.dll" /c >
C:\Users\Catherine\Desktop\cmd.bat deleted successfully.
C:\Users\Catherine\Desktop\cmd.txt deleted successfully.
< fsutil reparsepoint delete "C:\Program Files\Windows DefenderMsMpLics.dll" /c >
Erreur : Le fichier spécifié est introuvable.
C:\Users\Catherine\Desktop\cmd.bat deleted successfully.
C:\Users\Catherine\Desktop\cmd.txt deleted successfully.
< fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpRes.dll" /c >
C:\Users\Catherine\Desktop\cmd.bat deleted successfully.
C:\Users\Catherine\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Catherine
->Temp folder emptied: 171828953 bytes
->Temporary Internet Files folder emptied: 1118977759 bytes
->Java cache emptied: 463997 bytes
->Google Chrome cache emptied: 398775638 bytes
->Flash cache emptied: 63391 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13348343 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1884819228 bytes
RecycleBin emptied: 708477570 bytes

Total Files Cleaned = 4,098.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09232013_234809

Files\Folders moved on Reboot...
C:\Users\Catherine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\%252529%25253B%2526ccd%253D%252521OQa5NwjN7W4QjobpAxjF6g0gBA..%2526vpid%253D118%2526referrer%253Dhttp%25253A%25252F%25252Fwww.southdeltaonline[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\%252529%25253B%2526ccd%253D%252521OQa5NwjN7W4QjobpAxjF6g0gBA..%2526vpid%253D118%2526referrer%253Dhttp%25253A%25252F%25252Fwww.southdeltaonline[11].js not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

_________________________

Some items were not found... Anyways. I'll post the quick scan result next.
  • 0
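An added example, not part of the thread and not OTL's own logic: a parser for the `dir /S /A:L` listing posted above that flags reparse points pointing into `c:\windows\system32\config` from outside the config directories, then checks that each `fsutil reparsepoint delete` line in a fix script names one of them. The sample listing and script are constructed from lines in the thread; the flagging rule and all function names are assumptions made for this illustration.

```python
import re
from typing import NamedTuple

# Constructed sample in the shape of the French-locale `dir /S /A:L` output
# posted in the thread (entries copied from it, list shortened).
SAMPLE_LISTING = r"""
 Répertoire de C:\Program Files\Windows Defender
11/02/2011 12:15 <SYMLINKD> fr-FR [c:\windows\system32\config]
13/07/2009 21:39 <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
13/07/2009 21:29 <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
13/07/2009 21:41 <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
 Répertoire de C:\Users
14/07/2009 01:08 <SYMLINKD> All Users [C:\ProgramData]
 Répertoire de C:\Windows\SysWOW64\config\systemprofile
27/09/2011 08:19 <JONCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
"""

# Constructed sample: four lines of the :Files section as posted in the thread.
SAMPLE_FIX = r"""
:Files
fsutil reparsepoint delete "C:\Program Files\Windows Defender\fr-FR" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MpCmdRun.exe" /c
fsutil reparsepoint delete "C:\Program Files\Windows DefenderMsMpLics.dll" /c
fsutil reparsepoint delete "C:\Program Files\Windows Defender\MsMpRes.dll" /c
"""


class Link(NamedTuple):
    path: str    # full path of the reparse point
    kind: str    # JONCTION / JUNCTION / SYMLINK / SYMLINKD as printed by dir
    target: str  # path shown in square brackets


# "R.pertoire" also matches the mis-encoded header that a cmd.exe code page
# mismatch produces; "Directory of" covers an English-locale listing.
DIR_RE = re.compile(r"^\s*(?:R.pertoire de|Directory of)\s+(.+?)\s*$")
ENTRY_RE = re.compile(
    r"^\s*\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+"
    r"<(JONCTION|JUNCTION|SYMLINKD|SYMLINK)>\s+(.+?)\s+\[(.*)\]\s*$")
FSUTIL_RE = re.compile(r'fsutil\s+reparsepoint\s+delete\s+"([^"]+)"', re.I)

CONFIG = r"c:\windows\system32\config"
# Directories where links into CONFIG are normal (the systemprofile junctions).
CONFIG_HOMES = (CONFIG, r"c:\windows\syswow64\config")


def under(path: str, root: str) -> bool:
    """Case-insensitive 'path is root or lies below root'."""
    p = path.lower().rstrip("\\")
    return p == root or p.startswith(root + "\\")


def parse_links(listing: str) -> list:
    """Turn the dir listing into Link records, tracking the current directory."""
    links, current = [], None
    for line in listing.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1).rstrip("\\")
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            kind, name, target = m.groups()
            links.append(Link(current + "\\" + name, kind, target))
    return links


def suspicious(links: list) -> list:
    """Assumed heuristic: a link into system32\\config from outside it."""
    return [l for l in links
            if under(l.target, CONFIG)
            and not any(under(l.path, home) for home in CONFIG_HOMES)]


def check_fix(script: str, flagged: list):
    """Return (script paths matching no flagged link, flagged links not named)."""
    wanted = {l.path.lower(): l.path for l in flagged}
    named = [m.group(1) for m in FSUTIL_RE.finditer(script)]
    unmatched = [p for p in named if p.lower() not in wanted]
    named_lc = {p.lower() for p in named}
    uncovered = [orig for lc, orig in wanted.items() if lc not in named_lc]
    return unmatched, uncovered


if __name__ == "__main__":
    flagged = suspicious(parse_links(SAMPLE_LISTING))
    for link in flagged:
        print(f"flag  {link.kind:<8} {link.path} -> {link.target}")
    unmatched, uncovered = check_fix(SAMPLE_FIX, flagged)
    for p in unmatched:
        print("script path matches no flagged link:", p)
    for p in uncovered:
        print("flagged link not covered by script: ", p)
```

Running the check before applying a fix script surfaces a path that will fail with "file not found", and the same parser run on a post-fix listing shows which links are still present.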

#14
vrainewb

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hello,

Here are a few things I just checked:
- Download problems with IE persist.
- Windows Defender now has an icon in Control Panel, but when I click on it, I get a message saying it can't initialize the application (0x80070002) (sorry, I get the message in French; I'm not sure what the exact normal terminology is).

Here's the quick scan log:

OTL logfile created on: 9/24/2013 4:04:49 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Catherine\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3.98 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 58.21% Memory free
7.95 Gb Paging File | 6.13 Gb Available in Paging File | 77.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 148.04 Gb Free Space | 49.66% Space Free | Partition Type: NTFS
Drive D: | 297.69 Gb Total Space | 118.67 Gb Free Space | 39.86% Space Free | Partition Type: NTFS

Computer Name: MUMANDDAD | User Name: Catherine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/21 16:48:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Catherine\Desktop\OTL.exe
PRC - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/08/26 17:31:10 | 004,851,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/02/01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/14 05:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/03 08:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/16 04:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/08/04 11:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010/06/01 17:09:52 | 001,268,808 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2010/05/05 08:58:24 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
PRC - [2010/05/05 08:58:21 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2009/07/28 14:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/24 03:53:08 | 001,175,040 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\wx._core_.pyd
MOD - [2013/09/24 03:53:08 | 001,153,024 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\_ssl.pyd
MOD - [2013/09/24 03:53:08 | 000,811,008 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\wx._windows_.pyd
MOD - [2013/09/24 03:53:08 | 000,805,888 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\wx._gdi_.pyd
MOD - [2013/09/24 03:53:08 | 000,735,232 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\wx._misc_.pyd
MOD - [2013/09/24 03:53:08 | 000,711,680 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\_hashlib.pyd
MOD - [2013/09/24 03:53:08 | 000,557,056 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\pysqlite2._sqlite.pyd
MOD - [2013/09/24 03:53:08 | 000,504,832 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\windows._cacheinvalidation.pyd
MOD - [2013/09/24 03:53:08 | 000,364,544 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\pythoncom27.dll
MOD - [2013/09/24 03:53:08 | 000,320,512 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\win32com.shell.shell.pyd
MOD - [2013/09/24 03:53:08 | 000,128,512 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\_elementtree.pyd
MOD - [2013/09/24 03:53:08 | 000,122,368 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\wx._wizard.pyd
MOD - [2013/09/24 03:53:08 | 000,119,808 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\win32file.pyd
MOD - [2013/09/24 03:53:08 | 000,110,080 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\pywintypes27.dll
MOD - [2013/09/24 03:53:08 | 000,108,544 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\win32security.pyd
MOD - [2013/09/24 03:53:08 | 000,098,816 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\win32api.pyd
MOD - [2013/09/24 03:53:08 | 000,087,040 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\_ctypes.pyd
MOD - [2013/09/24 03:53:08 | 000,070,656 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\wx._html2.pyd
MOD - [2013/09/24 03:53:08 | 000,044,032 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\_socket.pyd
MOD - [2013/09/24 03:53:08 | 000,038,912 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\win32inet.pyd
MOD - [2013/09/24 03:53:08 | 000,035,840 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\win32process.pyd
MOD - [2013/09/24 03:53:08 | 000,026,624 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\_multiprocessing.pyd
MOD - [2013/09/24 03:53:08 | 000,025,600 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\win32pdh.pyd
MOD - [2013/09/24 03:53:08 | 000,022,528 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\win32ts.pyd
MOD - [2013/09/24 03:53:08 | 000,017,408 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\win32profile.pyd
MOD - [2013/09/24 03:53:08 | 000,011,264 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\win32crypt.pyd
MOD - [2013/09/24 03:53:07 | 001,062,400 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\wx._controls_.pyd
MOD - [2013/09/24 03:53:07 | 000,686,080 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\unicodedata.pyd
MOD - [2013/09/24 03:53:07 | 000,127,488 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\pyexpat.pyd
MOD - [2013/09/24 03:53:07 | 000,018,432 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\win32event.pyd
MOD - [2013/09/24 03:53:07 | 000,010,240 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI43562\select.pyd
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Catherine\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Catherine\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/11/01 18:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 18:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/05 08:58:24 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
MOD - [2010/05/05 08:58:21 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizard.dll
MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epfunct.dll
MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\eputil.dll
MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\imagutil.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
MOD - [2009/06/23 07:11:03 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epoemdll.dll
MOD - [2009/06/23 07:10:27 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
MOD - [2009/06/23 07:09:07 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizres.dll
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
MOD - [2009/04/28 03:56:28 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsmr.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsm.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/12/09 11:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 09:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 08:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/14 15:56:23 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2010/04/14 15:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV:64bit: - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RemoteAccess)
SRV - [2013/09/19 19:08:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 20:41:08 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/11 08:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 03:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/02/01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/14 05:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/04 11:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/04/14 15:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2010/04/14 15:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 10:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/22 23:25:44 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/08/22 23:08:14 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/08/22 22:55:04 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/22 22:54:54 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/08/01 16:06:28 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/08/01 16:04:56 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/09 18:16:13 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/27 07:58:08 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/08/02 12:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 13:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 13:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/12 11:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/04 19:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 04:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 14:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 10:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 08:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {26A80F12-DBF0-429A-B729-BF3D0AF906C9}
IE:64bit: - HKLM\..\SearchScopes\{26A80F12-DBF0-429A-B729-BF3D0AF906C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {26A80F12-DBF0-429A-B729-BF3D0AF906C9}
IE - HKLM\..\SearchScopes\{26A80F12-DBF0-429A-B729-BF3D0AF906C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/pl...s?touch=4&cat=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://toshiba.eu/pl...s?touch=4&cat=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://toshiba.fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 86 05 E5 0A 3A CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{4623C3CD-DFA9-44EA-BBCC-58EEA4CBC0B4}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{E4967BF9-F967-4E9E-980A-10510A98CE87}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@caminova.com/DjVuPlugin: C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/07/09 18:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Google\u00A0Drive = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Skype Click to Call = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/09/23 23:50:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en (DjVuCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00D3DC6-BCA2-4CA7-9311-571F1F423FA2}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/23 23:48:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/22 13:34:21 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/22 13:14:19 | 001,956,670 | ---- | C] (Farbar) -- C:\Users\Catherine\Desktop\FRST64.exe
[2013/09/21 16:48:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Catherine\Desktop\OTL.exe
[2013/09/20 22:22:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/20 20:51:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/20 20:51:35 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/09/20 20:40:40 | 005,128,554 | R--- | C] (Swearware) -- C:\Users\Catherine\Desktop\ComboFix.exe
[2013/09/20 19:44:43 | 000,000,000 | ---D | C] -- C:\Users\Catherine\Documents\pour virus et malwares
[2013/09/20 18:51:33 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/09/20 17:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/09/20 17:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/09/20 17:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/09/18 12:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/09/18 12:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/09/17 20:47:33 | 000,000,000 | ---D | C] -- C:\Users\Catherine\Documents\ProcAlyzer Dumps
[2013/09/17 20:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/09/17 20:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/17 20:45:20 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/09/17 20:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/17 14:53:33 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Roaming\SUPERAntiSpyware.com
[2013/09/17 14:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/09/17 14:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/09/17 14:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/17 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Roaming\AVG2014
[2013/09/17 12:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/17 12:23:49 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Roaming\TuneUp Software
[2013/09/17 12:23:35 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/17 12:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/09/17 12:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/09/17 12:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/09/17 12:00:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/17 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\MFAData
[2013/09/17 12:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/09/17 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\Avg2014
[2013/09/17 11:53:22 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2013/09/17 11:53:22 | 000,000,000 | ---D | C] -- C:\Windows\Logs
[2013/09/16 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\Macroplant_LLC
[2013/09/16 13:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
[2013/09/16 13:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iExplorer
[2013/08/31 10:45:16 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\{0CADF07A-4244-45D5-81A9-FD2F24321C21}
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/24 04:06:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/24 03:59:33 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/24 03:59:33 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/24 03:57:01 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/24 03:52:03 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/24 03:51:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/24 03:51:53 | 3203,735,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/23 23:50:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/09/23 11:34:59 | 001,549,746 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/23 11:34:59 | 000,704,714 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/09/23 11:34:59 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/23 11:34:59 | 000,130,988 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/09/23 11:34:59 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/22 13:14:25 | 001,956,670 | ---- | M] (Farbar) -- C:\Users\Catherine\Desktop\FRST64.exe
[2013/09/21 16:48:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Catherine\Desktop\OTL.exe
[2013/09/20 10:49:24 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/19 06:06:44 | 005,128,554 | R--- | M] (Swearware) -- C:\Users\Catherine\Desktop\ComboFix.exe
[2013/09/18 12:57:56 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/17 21:56:43 | 000,000,545 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/17 20:45:30 | 000,001,386 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/17 12:23:54 | 000,000,226 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2013/09/12 19:37:40 | 000,000,338 | ---- | M] () -- C:\Users\Catherine\Documents\Tetro.cue
[2013/09/12 19:37:16 | 3566,075,903 | ---- | M] () -- C:\Users\Catherine\Documents\Tetro.iso
[2013/09/11 18:49:42 | 000,440,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/18 12:57:56 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/09/18 12:56:38 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/09/17 21:56:43 | 000,000,545 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/17 20:45:30 | 000,001,398 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/17 20:45:30 | 000,001,386 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/17 12:23:54 | 000,000,226 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2013/09/12 19:37:40 | 000,000,338 | ---- | C] () -- C:\Users\Catherine\Documents\Tetro.cue
[2013/09/12 19:04:03 | 3566,075,903 | ---- | C] () -- C:\Users\Catherine\Documents\Tetro.iso
[2012/06/11 04:48:28 | 000,003,584 | ---- | C] () -- C:\Users\Catherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/31 02:44:47 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/30 14:45:37 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2011/12/30 14:45:37 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2011/12/30 14:45:37 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2011/12/30 14:45:37 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll
[2011/12/30 14:45:37 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2011/12/30 14:45:37 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2011/12/30 14:45:37 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2011/12/30 14:45:36 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2011/12/30 14:45:36 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2011/12/30 14:45:36 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2011/12/30 14:45:36 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2011/12/30 14:45:36 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2011/12/30 14:45:36 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2011/12/30 14:45:36 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2011/12/30 14:45:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2011/12/30 14:45:35 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2011/12/30 14:45:35 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2011/12/30 14:45:35 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2011/12/30 14:45:35 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2011/12/30 14:45:35 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2011/12/30 14:45:35 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[2011/12/30 14:42:32 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
[2011/12/30 14:42:32 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
[2011/12/30 14:37:47 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll
[2011/12/30 14:37:47 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll
[2011/12/30 14:37:47 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll
[2011/12/30 12:40:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/12/30 12:15:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/30 12:15:56 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2011/12/30 12:15:52 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2011/09/27 08:21:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/09/27 08:07:14 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2013/09/20 18:06:21 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/17 12:24:08 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\AVG2014
[2013/09/23 14:29:54 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Azureus
[2013/07/09 18:49:58 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\DAEMON Tools Lite
[2013/09/24 03:53:41 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Dropbox
[2013/07/11 22:33:59 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\EAC
[2012/04/20 12:56:19 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012/05/17 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Garmin
[2013/08/20 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Nico Mak Computing
[2013/07/18 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\OpenCandy
[2013/07/18 17:48:04 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Philipp Winterberg
[2011/12/30 12:47:08 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Toshiba
[2013/09/17 12:23:49 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\TuneUp Software
[2012/05/31 02:44:56 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WebPlayerBdd
[2013/07/19 13:55:47 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WildTangent
[2011/12/30 13:20:18 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WinBatch
[2011/12/31 10:21:20 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

#15
Essexboy

Total Files Cleaned = 4,098.00 mb. This was why the emptytemp command was taking a while; it cleared a lot of rubbish from the system.

Are downloads OK in Chrome and Firefox?

Let us use a bigger tool to fix IE

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now