
again with IE thinks every download is a virus.. but probably more [So


This topic is locked

#16
vrainewb
Member
22 posts
Hi

Total Files Cleaned = 4,098.00 mb. This was why the emptytemp command was taking a while; it cleared a lot of rubbish from the system.


Yeah, and almost 2 GB from IE. I didn't know that was possible hehe.


OK... I'm gonna recap a little here.

- I can download from Chrome (just downloaded ComboFix again with it) BUT if I download a .zip file (haven't tested other kinds of archives) it'll behave this way: the download goes fine, I can open it by double-clicking on it, but it's still useless because if I try to drag and drop out of it, nothing happens, and if I try to extract it from the contextual menu, it results as an empty folder.

- the computer doesn't have Firefox installed. Searching with the normal search toolbar (Windows Explorer window, I guess) I get one Firefox.exe, but that's from C:\32788R22FWJFW, which is a folder that was created Friday; I think that was created when I used ComboFix the first time.

- Using Regedit I saw these two:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}

Should I delete those?

-------

OK now, about ComboFix, I'm afraid a little because like I said in my first post, it didn't work well the first time.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop


This time I downloaded the file directly to the Desktop, is this what you meant? (First time I just dragged it to the desktop from a USB key)

Also, I disabled all real-time protection from the programs installed, but I can't turn off Windows Defender since I can't access it. Can I do something about that, or do I just go on?


Thanks a lot.


#17
Essexboy
GeekU Moderator
64,765 posts
Those CLSIDs are related to Iminent, an unwanted toolbar/search engine; we will kill that properly later.

ComboFix failed to run due to the ZeroAccess malware, but it should run OK now. Accept the ComboFix warning and let it run :)
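The moderator's diagnosis above rests on two things a ComboFix log makes visible: the files the tool removed, and the dated list of recently created files. The helper below is an added example for this thread, not ComboFix's own code or the moderator's. It splits a ComboFix-style log into its sections, parses the dated entries, and flags the on-disk layout ZeroAccess (Sirefef) used: a GUID-named folder holding an `@` file and a `U\` sub-folder of `xxxxxxxx.@` files. The sample input is a handful of lines excerpted from the log posted later in this thread (the section banner wording is ComboFix's French output as shown there); the `is_dir` and `recently_created_system_files` helpers are this example's own additions.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

Splits the log into its banner-delimited sections, parses the dated
"files created" entries and flags the GUID\\@ + GUID\\U\\xxxxxxxx.@ layout
that ZeroAccess left on disk.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: a few lines excerpted from the log posted later in this thread.
SAMPLE_LOG = r"""
(((((((((( Autres suppressions ))))))))))
.
c:\program files (x86)\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\9519~1\A535~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\@
c:\program files (x86)\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\9519~1\A535~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\U\00000001.@
c:\programdata\SPL58FA.tmp
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\python27.dll
.
(((((((((( Fichiers créés du 2013-08-24 au 2013-09-24 ))))))))))
.
2013-09-18 17:26 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-20 21:02 . 2013-09-20 21:02 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
"""

# ComboFix section banners look like "(((((( Title ))))))"; "." lines are spacers.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")

# Dated entry: "<created> . <modified> <size|--------> <attrs> <path>"
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+|-+) (\S+) (.+)$"
)

# ZeroAccess layout: "...\{GUID}\@" or "...\{GUID}\U\<8 hex digits>.@"
GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
ZEROACCESS_RE = re.compile(GUID + r"\\(?:@|U\\[0-9a-f]{8}\.@)$", re.IGNORECASE)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories (ComboFix prints "--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # ComboFix's attribute column starts with "d" for directories.
        return self.attrs.startswith("d")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty, non-spacer lines under the banner that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def parse_entry(line: str) -> Optional[FileEntry]:
    """Parse one dated entry; returns None for lines in another format."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return FileEntry(created, modified, int(size) if size.isdigit() else None, attrs, path)


def flag_zeroaccess_layout(paths: List[str]) -> List[str]:
    """Return the paths that match the GUID\\@ / GUID\\U\\*.@ layout."""
    return [p for p in paths if ZEROACCESS_RE.search(p)]


def recently_created_system_files(entries: List[FileEntry],
                                  prefix: str = r"c:\windows\system32") -> List[FileEntry]:
    """Files (not folders) newly placed under the system directory deserve a second look."""
    return [e for e in entries if not e.is_dir and e.path.lower().startswith(prefix)]


def triage(text: str) -> dict:
    sections = split_sections(text)
    deleted = sections.get("Autres suppressions", [])
    created_key = next((k for k in sections if k.startswith("Fichiers créés")), None)
    created = [e for e in map(parse_entry, sections.get(created_key, [])) if e]
    return {
        "deleted_count": len(deleted),
        "zeroaccess_layout": flag_zeroaccess_layout(deleted),
        "created": created,
        "system_files": recently_created_system_files(created),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for p in result["zeroaccess_layout"]:
        print("ZeroAccess-style path removed:", p)
    for e in result["system_files"]:
        print("New file under system32:", e.path, e.size, "bytes, modified", e.modified)
```

The layout match is deliberately narrow (a GUID folder directly holding `@`, or `U\` plus eight hex digits and `.@`) so that ordinary temp files in the same deletion list, such as the `SPL*.tmp` and `_MEI*` entries, are not flagged; the dated-entry parser keeps the original modification timestamp, which is what tells a patched `schannel.dll` from a dropped one.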

#18
vrainewb
Member
22 posts
OK, will do right away. I forgot to ask, should I run it as admin?

#19
Essexboy
GeekU Moderator
64,765 posts
It should automatically take admin privileges, but yes it would not hurt :)

#20
vrainewb
Member
22 posts

It should automatically take admin privileges, but yes it would not hurt :)


Sorry, I wasn't patient enough :/ But I think it did automatically like you said. The app seemed to be working fine and didn't need to reboot twice.

OK so now, Chrome feels like 5 times faster hehe... I can download with IE, so that's great. I did try with a zip file with Chrome and I could now extract the files as well. So that's good as well. It generally feels like a big reset. The icon tray is now almost empty. Also, Action Center seems to be working OK (it gives me the option to activate Windows Defender, which is already better than it was).



Log (sorry, there are a lot of French words in it):

ComboFix 13-09-24.02 - Catherine 24/09/2013 17:00:17.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4074.1975 [GMT -4:00]
Lancé depuis: c:\users\Catherine\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\9519~1\A535~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\@
c:\program files (x86)\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\9519~1\A535~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\U\00000001.@
c:\program files (x86)\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\9519~1\A535~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\U\00000002.@
c:\program files (x86)\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\9519~1\A535~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\U\80000000.@
c:\program files (x86)\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\9519~1\A535~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\U\80000001.@
c:\program files (x86)\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\9519~1\A535~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\U\800000cb.@
c:\programdata\SPL58FA.tmp
c:\programdata\SPLA0A6.tmp
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\_ctypes.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\_elementtree.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\_hashlib.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\_multiprocessing.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\_socket.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\_ssl.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\msvcp100.dll
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\msvcr100.dll
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\pyexpat.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\pysqlite2._sqlite.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\python27.dll
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\pythoncom27.dll
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\PyWinTypes27.dll
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\select.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\unicodedata.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\win32api.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\win32com.shell.shell.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\win32crypt.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\win32event.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\win32file.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\win32inet.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\win32pdh.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\win32process.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\win32profile.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\win32security.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\win32ts.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\windows._cacheinvalidation.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\wx._controls_.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\wx._core_.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\wx._gdi_.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\wx._html2.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\wx._misc_.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\wx._windows_.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\wx._wizard.pyd
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\wxbase294u_net_vc90.dll
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\wxbase294u_vc90.dll
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\wxmsw294u_adv_vc90.dll
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\wxmsw294u_core_vc90.dll
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\wxmsw294u_html_vc90.dll
c:\users\CATHER~1\AppData\Local\Temp\_MEI33442\wxmsw294u_webview_vc90.dll
c:\users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Catherine\AppData\Local\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\2E2F~1\28F0~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\@
c:\users\Catherine\AppData\Local\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\2E2F~1\28F0~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\U\00000001.@
c:\users\Catherine\AppData\Local\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\2E2F~1\28F0~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\U\00000002.@
c:\users\Catherine\AppData\Local\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\2E2F~1\28F0~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\U\80000000.@
c:\users\Catherine\AppData\Local\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\2E2F~1\28F0~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\U\80000001.@
c:\users\Catherine\AppData\Local\Google\Desktop\Install\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\2E2F~1\28F0~1\E628~1\{db49f1f9-58bb-0c5a-a757-cae572ea28bd}\U\800000cb.@
c:\users\Catherine\AppData\Local\Temp\_MEI33442\_ctypes.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\_elementtree.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\_hashlib.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\_multiprocessing.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\_socket.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\_ssl.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\msvcp100.dll
c:\users\Catherine\AppData\Local\Temp\_MEI33442\msvcr100.dll
c:\users\Catherine\AppData\Local\Temp\_MEI33442\pyexpat.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\pysqlite2._sqlite.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\python27.dll
c:\users\Catherine\AppData\Local\Temp\_MEI33442\pythoncom27.dll
c:\users\Catherine\AppData\Local\Temp\_MEI33442\PyWinTypes27.dll
c:\users\Catherine\AppData\Local\Temp\_MEI33442\select.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\unicodedata.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\win32api.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\win32com.shell.shell.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\win32crypt.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\win32event.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\win32file.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\win32inet.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\win32pdh.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\win32process.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\win32profile.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\win32security.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\win32ts.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\windows._cacheinvalidation.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\wx._controls_.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\wx._core_.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\wx._gdi_.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\wx._html2.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\wx._misc_.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\wx._windows_.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\wx._wizard.pyd
c:\users\Catherine\AppData\Local\Temp\_MEI33442\wxbase294u_net_vc90.dll
c:\users\Catherine\AppData\Local\Temp\_MEI33442\wxbase294u_vc90.dll
c:\users\Catherine\AppData\Local\Temp\_MEI33442\wxmsw294u_adv_vc90.dll
c:\users\Catherine\AppData\Local\Temp\_MEI33442\wxmsw294u_core_vc90.dll
c:\users\Catherine\AppData\Local\Temp\_MEI33442\wxmsw294u_html_vc90.dll
c:\users\Catherine\AppData\Local\Temp\_MEI33442\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-08-24 au 2013-09-24 ))))))))))))))))))))))))))))))))))))
.
.
2013-09-24 21:11 . 2013-09-24 21:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-24 21:11 . 2013-09-24 21:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-24 03:48 . 2013-09-24 03:48 -------- d-----w- C:\_OTL
2013-09-23 20:46 . 2013-09-16 04:50 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA78EF94-4090-44DA-AAF7-FE3107D39FD5}\mpengine.dll
2013-09-22 17:34 . 2013-09-22 17:34 -------- d-----w- C:\FRST
2013-09-22 17:22 . 2013-09-16 04:50 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-20 22:51 . 2013-09-21 10:19 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-09-20 21:03 . 2013-09-20 21:03 -------- d-----w- c:\programdata\Panda Security
2013-09-20 21:02 . 2013-09-20 21:02 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2013-09-18 17:26 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-09-18 17:26 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-18 17:26 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-18 17:26 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-18 17:26 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-18 17:26 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-18 17:26 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-18 16:56 . 2013-09-18 16:56 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-09-18 16:56 . 2013-09-18 16:56 -------- d-----w- c:\program files\Microsoft Security Client
2013-09-18 16:22 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-09-18 16:22 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-09-18 00:45 . 2013-09-18 17:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-09-18 00:45 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-09-18 00:45 . 2013-09-18 00:58 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-09-17 18:53 . 2013-09-17 18:53 -------- d-----w- c:\users\Catherine\AppData\Roaming\SUPERAntiSpyware.com
2013-09-17 18:52 . 2013-09-17 18:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-09-17 18:52 . 2013-09-17 18:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-09-17 16:24 . 2013-09-17 16:24 -------- d-----w- c:\users\Catherine\AppData\Roaming\AVG2014
2013-09-17 16:23 . 2013-09-17 16:23 -------- d-----w- c:\users\Catherine\AppData\Roaming\TuneUp Software
2013-09-17 16:23 . 2013-09-17 16:35 -------- d-----w- c:\programdata\AVG2014
2013-09-17 16:23 . 2013-09-17 16:23 -------- d-----w- C:\$AVG
2013-09-17 16:23 . 2013-09-17 16:23 -------- d-----w- c:\program files (x86)\AVG
2013-09-17 16:01 . 2013-09-17 16:01 -------- d-----w- c:\programdata\AVAST Software
2013-09-17 16:00 . 2013-09-24 13:54 -------- d-----w- c:\programdata\MFAData
2013-09-17 16:00 . 2013-09-17 16:30 -------- d-----w- c:\users\Catherine\AppData\Local\Avg2014
2013-09-17 16:00 . 2013-09-17 16:00 -------- d--h--w- c:\programdata\Common Files
2013-09-17 16:00 . 2013-09-17 16:00 -------- d-----w- c:\users\Catherine\AppData\Local\MFAData
2013-09-17 15:53 . 2013-09-21 20:11 -------- d-----w- c:\windows\Logs
2013-09-16 18:00 . 2013-09-16 18:00 -------- d-----w- c:\users\Catherine\AppData\Local\Macroplant_LLC
2013-09-16 17:57 . 2013-09-16 17:57 -------- d-----w- c:\program files (x86)\iExplorer
2013-09-11 02:48 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-11 02:48 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-11 02:48 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-06 14:51 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E9CA1573-2866-492F-8C53-7B9D0D5C8B50}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-19 23:08 . 2012-03-31 05:34 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-19 23:08 . 2012-01-07 06:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 14:54 . 2011-12-30 17:12 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-23 03:25 . 2013-08-23 03:25 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-08-23 03:08 . 2013-08-23 03:08 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-08-23 02:55 . 2013-08-23 02:55 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-08-23 02:54 . 2013-08-23 02:54 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-08-21 02:53 . 2013-08-21 02:53 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-08-02 01:48 . 2013-09-11 02:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-01 20:07 . 2013-08-01 20:07 251192 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-08-01 20:06 . 2013-08-01 20:06 147768 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-08-01 20:04 . 2013-08-01 20:04 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-25 09:25 . 2013-08-14 21:17 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 21:17 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 21:17 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 21:17 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 22:16 . 2013-07-09 22:16 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-07-09 05:52 . 2013-08-14 21:18 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 21:17 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 21:18 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 21:18 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 21:18 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 21:17 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 21:18 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 21:18 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 21:18 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 21:18 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 21:16 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-08-26 4851248]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxdw_device;lxdw_device;c:\windows\system32\lxdwcoms.exe;c:\windows\SYSNATIVE\lxdwcoms.exe [x]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxebserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspection du réseau Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe;c:\windows\SYSNATIVE\lxebcoms.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-20 04:19 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 23:08]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26 06:25]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-26 06:25]
.
2013-09-17 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2010-11-21 03:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Catherine\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-03 150992]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2010-05-05 148280]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2010-05-05 770728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 1356240]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Panda USB Vaccine\USBVaccine.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Heure de fin: 2013-09-24 17:21:12 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-09-24 21:21
.
Avant-CF: 158 392 918 016 octets libres
Après-CF: 158 019 973 120 octets libres
.
- - End Of File - - 76915A7D985EA1797A769783785EBC77
  • 0

#21
vrainewb
    Member
  • 22 posts
Hi again,

I was wondering if you would like to see the Combofix-quarantined-files text file, but then I realized that I also have a quarantine folder from Spybot-S&D filled with stuff I didn't know what to do about when I scanned with it (I even did that twice). There are a few log files in there explaining what is there, even if in most cases it states "(nothing done)" because, like I said, I didn't know what to do with those. Anyways, there are a bunch of zipped files in there; should I paste the details about those 2 scans or... just purge the whole thing and never look back hehe?

Thanks a bunch :)
  • 0

#22
Essexboy
    GeekU Moderator
  • 64,765 posts
The ComboFix quarantine data is included within the log, so no requirement for that one; as for Spybot, just empty the quarantine as it is no use to man nor beast.

Two final bits to remove and then we may be done :) Any further problems apparent?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:Files
c:\program files (x86)\Google\Desktop
c:\users\Catherine\AppData\Local\Google\Desktop

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
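The Quick Scan log requested in the last step consists of PRC/MOD/SRV/DRV "SafeList" lines like those posted later in this thread. As an added example, not from the thread or from OldTimer's OTL, here is a parser for those lines with two triage rules a helper applies by eye: an entry with no publisher name loaded from a Temp directory, and a service or driver with no publisher metadata. The sample lines are copied from this thread's log; a hit is a lead to verify by hash and publisher, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example: parser for OTL SafeList lines such as
#   PRC - [2013/09/21 16:48:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\...\OTL.exe
#   SRV:64bit: - [date | size | attrs | M] (Company) [Auto | Running] -- C:\...\svc.exe -- (Name)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?::64bit:)?\s+-\s+"
    r"\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+)\|\s*M\]\s+"
    r"\((?P<company>[^)]*)\)\s+"
    r"(?:\[(?P<state>[^\]]*)\]\s+)?"
    r"--\s+(?P<path>.+?)(?:\s+--\s+\((?P<name>[^)]*)\))?\s*$"
)

# Path fragments (lower-cased) that mark a per-user or system temp location.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class OtlEntry:
    kind: str             # PRC, MOD, SRV or DRV
    is_64bit: bool        # line carried the ":64bit:" tag
    mtime: str
    size: int
    company: str          # empty when OTL printed "()" or "( )"
    path: str
    state: Optional[str]  # e.g. "Auto | Running" on SRV/DRV lines
    name: Optional[str]   # service/driver name, when present


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one SafeList line; headers and blank lines return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        kind=m["kind"],
        is_64bit=":64bit:" in line,
        mtime=m["mtime"].strip(),
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        path=m["path"].strip(),
        state=m["state"].strip() if m["state"] else None,
        name=m["name"].strip() if m["name"] else None,
    )


def parse_log(text: str) -> List[OtlEntry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[OtlEntry]) -> List[Tuple[OtlEntry, str]]:
    """Return (entry, reason) pairs for entries that deserve a second look."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if not e.company and any(t in low for t in TEMP_MARKERS):
            findings.append((e, "no publisher, loaded from a temp directory"))
        elif not e.company and e.kind in ("SRV", "DRV"):
            findings.append((e, "service/driver with no publisher metadata"))
    return findings


# Constructed sample: five lines copied from the OTL log posted in this thread.
SAMPLE_LOG = """\
========== Processes (SafeList) ==========

PRC - [2013/09/21 16:48:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\Catherine\\Desktop\\OTL.exe
MOD - [2013/09/25 12:30:08 | 001,153,024 | ---- | M] () -- C:\\Users\\CATHER~1\\AppData\\Local\\Temp\\_MEI32602\\_ssl.pyd
SRV:64bit: - [2010/04/14 15:56:23 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\\Windows\\SysNative\\lxebcoms.exe -- (lxeb_device)
SRV - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files (x86)\\AVG\\AVG2014\\avgidsagent.exe -- (AVGIDSAgent)
DRV:64bit: - [2013/07/09 18:16:13 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\sptd.sys -- (sptd)
"""

if __name__ == "__main__":
    for entry, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.kind:<3} {entry.path}  <- {reason}")
```

On the sample the two hits are the `_MEI32602\_ssl.pyd` module and the `lxeb_device` service; both are leads to check against the file's publisher and hash, which is the same judgement a helper makes when reading the posted log.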

#23
vrainewb
    Member
  • 22 posts
Hello again,

After the first reboot, the system tray icon thing appears exactly as it was looking before, and gadgets reappeared as well. Windows Update looks fine. I can dl updates through MSEssentials as well. So... from what I can see so far, everything looks perfect. Yay :)

Here's the OTL fix text that appeared after running the fix:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
c:\program files (x86)\Google\Desktop folder moved successfully.
c:\users\Catherine\AppData\Local\Google\Desktop folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Catherine
->Temp folder emptied: 71771423 bytes
->Temporary Internet Files folder emptied: 202014892 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 37102894 bytes
->Flash cache emptied: 1588 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40983 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 4577 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 297.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09252013_121700

Files\Folders moved on Reboot...
C:\Users\Catherine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Catherine\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\%252529%25253B%2526ccd%253D%252521OQa5NwjN7W4QjobpAxjF6g0gBA..%2526vpid%253D118%2526referrer%253Dhttp%25253A%25252F%25252Fwww.southdeltaonline[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\%252529%25253B%2526ccd%253D%252521OQa5NwjN7W4QjobpAxjF6g0gBA..%2526vpid%253D118%2526referrer%253Dhttp%25253A%25252F%25252Fwww.southdeltaonline[11].js not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

---------------------------------------------------------------------------------

And now Quick Scan log:

OTL logfile created on: 9/25/2013 1:00:22 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Catherine\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3.98 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.81% Memory free
7.95 Gb Paging File | 6.13 Gb Available in Paging File | 77.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 147.56 Gb Free Space | 49.50% Space Free | Partition Type: NTFS
Drive D: | 297.69 Gb Total Space | 118.67 Gb Free Space | 39.86% Space Free | Partition Type: NTFS

Computer Name: MUMANDDAD | User Name: Catherine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/21 16:48:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Catherine\Desktop\OTL.exe
PRC - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/08/26 17:31:10 | 004,851,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/02/01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/14 05:55:14 | 000,572,712 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/12/03 08:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010/08/16 04:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010/08/04 11:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010/06/01 17:09:52 | 001,268,808 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2010/05/05 08:58:24 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
PRC - [2010/05/05 08:58:21 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2009/07/28 14:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/03/10 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/25 12:30:08 | 001,175,040 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\wx._core_.pyd
MOD - [2013/09/25 12:30:08 | 001,153,024 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\_ssl.pyd
MOD - [2013/09/25 12:30:08 | 000,811,008 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\wx._windows_.pyd
MOD - [2013/09/25 12:30:08 | 000,805,888 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\wx._gdi_.pyd
MOD - [2013/09/25 12:30:08 | 000,735,232 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\wx._misc_.pyd
MOD - [2013/09/25 12:30:08 | 000,711,680 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\_hashlib.pyd
MOD - [2013/09/25 12:30:08 | 000,557,056 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\pysqlite2._sqlite.pyd
MOD - [2013/09/25 12:30:08 | 000,504,832 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\windows._cacheinvalidation.pyd
MOD - [2013/09/25 12:30:08 | 000,364,544 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\pythoncom27.dll
MOD - [2013/09/25 12:30:08 | 000,320,512 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\win32com.shell.shell.pyd
MOD - [2013/09/25 12:30:08 | 000,128,512 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\_elementtree.pyd
MOD - [2013/09/25 12:30:08 | 000,122,368 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\wx._wizard.pyd
MOD - [2013/09/25 12:30:08 | 000,119,808 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\win32file.pyd
MOD - [2013/09/25 12:30:08 | 000,110,080 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\pywintypes27.dll
MOD - [2013/09/25 12:30:08 | 000,108,544 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\win32security.pyd
MOD - [2013/09/25 12:30:08 | 000,098,816 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\win32api.pyd
MOD - [2013/09/25 12:30:08 | 000,087,040 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\_ctypes.pyd
MOD - [2013/09/25 12:30:08 | 000,070,656 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\wx._html2.pyd
MOD - [2013/09/25 12:30:08 | 000,044,032 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\_socket.pyd
MOD - [2013/09/25 12:30:08 | 000,038,912 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\win32inet.pyd
MOD - [2013/09/25 12:30:08 | 000,035,840 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\win32process.pyd
MOD - [2013/09/25 12:30:08 | 000,026,624 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\_multiprocessing.pyd
MOD - [2013/09/25 12:30:08 | 000,025,600 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\win32pdh.pyd
MOD - [2013/09/25 12:30:08 | 000,022,528 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\win32ts.pyd
MOD - [2013/09/25 12:30:08 | 000,017,408 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\win32profile.pyd
MOD - [2013/09/25 12:30:08 | 000,011,264 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\win32crypt.pyd
MOD - [2013/09/25 12:30:04 | 001,062,400 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\wx._controls_.pyd
MOD - [2013/09/25 12:30:04 | 000,127,488 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\pyexpat.pyd
MOD - [2013/09/25 12:30:04 | 000,018,432 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\win32event.pyd
MOD - [2013/09/25 12:30:03 | 000,686,080 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\unicodedata.pyd
MOD - [2013/09/25 12:30:01 | 000,010,240 | ---- | M] () -- C:\Users\CATHER~1\AppData\Local\Temp\_MEI32602\select.pyd
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Catherine\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Catherine\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/11/01 18:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 18:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/05 08:58:24 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
MOD - [2010/05/05 08:58:21 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
MOD - [2010/04/05 06:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizard.dll
MOD - [2010/04/05 06:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
MOD - [2010/04/05 06:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epfunct.dll
MOD - [2010/04/05 06:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\eputil.dll
MOD - [2010/04/05 06:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\imagutil.dll
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
MOD - [2009/06/23 07:11:03 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epoemdll.dll
MOD - [2009/06/23 07:10:27 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
MOD - [2009/06/23 07:09:07 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizres.dll
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
MOD - [2009/04/28 03:56:28 | 000,024,064 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsmr.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsm.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/12/09 11:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/12/08 09:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010/10/20 08:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 12:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/14 15:56:23 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2010/04/14 15:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV:64bit: - [2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RemoteAccess)
SRV - [2013/09/19 19:08:41 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 20:41:08 | 000,240,736 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/08/27 07:56:14 | 003,534,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/08/20 23:42:04 | 000,300,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/02 07:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/11 08:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/02/10 03:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011/02/01 07:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 07:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/14 05:55:14 | 000,572,712 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/04 11:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/04/14 15:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2010/04/14 15:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 10:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 12:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/22 23:25:44 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/08/22 23:08:14 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/08/22 22:55:04 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/22 22:54:54 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/08/01 16:06:28 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/08/01 16:04:56 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/09 18:16:13 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/27 07:58:08 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011/08/02 12:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 13:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 13:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/12 11:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/04 19:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/22 04:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 14:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 10:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 08:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {26A80F12-DBF0-429A-B729-BF3D0AF906C9}
IE:64bit: - HKLM\..\SearchScopes\{26A80F12-DBF0-429A-B729-BF3D0AF906C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {26A80F12-DBF0-429A-B729-BF3D0AF906C9}
IE - HKLM\..\SearchScopes\{26A80F12-DBF0-429A-B729-BF3D0AF906C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://toshiba.eu/pl...s?touch=4&cat=1 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 86 05 E5 0A 3A CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{4623C3CD-DFA9-44EA-BBCC-58EEA4CBC0B4}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{E4967BF9-F967-4E9E-980A-10510A98CE87}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@caminova.com/DjVuPlugin: C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/07/09 18:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Catherine\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: DjVu Plugin Viewer (Enabled) = C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Documents Google = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google\u00A0Drive = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Recherche Google = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_1\
CHR - Extension: Chrome In-App Payments service = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: Gmail = C:\Users\Catherine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/25 12:17:55 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\Catherine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Catherine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.caminova....le.aspx?lang=en (DjVuCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D00D3DC6-BCA2-4CA7-9311-571F1F423FA2}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/24 17:15:18 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/09/24 16:58:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/24 16:58:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/24 16:58:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/24 12:05:13 | 005,130,004 | R--- | C] (Swearware) -- C:\Users\Catherine\Desktop\ComboFix.exe
[2013/09/23 23:48:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/22 13:34:21 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/22 13:14:19 | 001,956,670 | ---- | C] (Farbar) -- C:\Users\Catherine\Desktop\FRST64.exe
[2013/09/21 16:48:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Catherine\Desktop\OTL.exe
[2013/09/20 22:22:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/20 20:51:40 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/09/20 19:44:43 | 000,000,000 | ---D | C] -- C:\Users\Catherine\Documents\pour virus et malwares
[2013/09/20 18:51:33 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/09/20 17:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/09/20 17:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/09/20 17:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013/09/18 12:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/09/18 12:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/09/17 20:47:33 | 000,000,000 | ---D | C] -- C:\Users\Catherine\Documents\ProcAlyzer Dumps
[2013/09/17 20:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/09/17 20:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/17 20:45:20 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/09/17 20:45:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/17 14:53:33 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Roaming\SUPERAntiSpyware.com
[2013/09/17 14:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/09/17 14:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/09/17 14:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/09/17 12:24:08 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Roaming\AVG2014
[2013/09/17 12:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/17 12:23:49 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Roaming\TuneUp Software
[2013/09/17 12:23:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/09/17 12:23:35 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/09/17 12:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/09/17 12:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/09/17 12:00:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/17 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\MFAData
[2013/09/17 12:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/09/17 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\Avg2014
[2013/09/17 11:53:22 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2013/09/17 11:53:22 | 000,000,000 | ---D | C] -- C:\Windows\Logs
[2013/09/16 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\Macroplant_LLC
[2013/09/16 13:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iExplorer
[2013/09/16 13:57:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iExplorer
[2013/08/31 10:45:16 | 000,000,000 | ---D | C] -- C:\Users\Catherine\AppData\Local\{0CADF07A-4244-45D5-81A9-FD2F24321C21}

========== Files - Modified Within 30 Days ==========

[2013/09/25 13:06:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/25 12:57:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/25 12:37:26 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/25 12:37:26 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/25 12:29:45 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/25 12:29:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/25 12:29:35 | 3203,735,552 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/25 12:17:55 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/09/25 11:47:00 | 001,549,746 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/25 11:47:00 | 000,704,714 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/09/25 11:47:00 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/25 11:47:00 | 000,130,988 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/09/25 11:47:00 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/24 12:07:24 | 005,130,004 | R--- | M] (Swearware) -- C:\Users\Catherine\Desktop\ComboFix.exe
[2013/09/22 13:14:25 | 001,956,670 | ---- | M] (Farbar) -- C:\Users\Catherine\Desktop\FRST64.exe
[2013/09/21 16:48:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Catherine\Desktop\OTL.exe
[2013/09/20 10:49:24 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/18 12:57:56 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/17 21:56:43 | 000,000,545 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/17 20:45:30 | 000,001,386 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/17 12:23:54 | 000,000,226 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2013/09/12 19:37:40 | 000,000,338 | ---- | M] () -- C:\Users\Catherine\Documents\Tetro.cue
[2013/09/12 19:37:16 | 3566,075,903 | ---- | M] () -- C:\Users\Catherine\Documents\Tetro.iso
[2013/09/11 18:49:42 | 000,440,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/09/24 16:58:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/24 16:58:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/24 16:58:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/24 16:58:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/24 16:58:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/18 12:57:56 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/09/18 12:56:38 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/09/17 21:56:43 | 000,000,545 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/17 20:45:30 | 000,001,398 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/17 20:45:30 | 000,001,386 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/17 12:23:54 | 000,000,226 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2013/09/12 19:37:40 | 000,000,338 | ---- | C] () -- C:\Users\Catherine\Documents\Tetro.cue
[2013/09/12 19:04:03 | 3566,075,903 | ---- | C] () -- C:\Users\Catherine\Documents\Tetro.iso
[2012/06/11 04:48:28 | 000,003,584 | ---- | C] () -- C:\Users\Catherine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/31 02:44:47 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/30 14:45:37 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2011/12/30 14:45:37 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2011/12/30 14:45:37 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2011/12/30 14:45:37 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXEBinst.dll
[2011/12/30 14:45:37 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2011/12/30 14:45:37 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2011/12/30 14:45:37 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2011/12/30 14:45:36 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2011/12/30 14:45:36 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2011/12/30 14:45:36 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2011/12/30 14:45:36 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2011/12/30 14:45:36 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2011/12/30 14:45:36 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2011/12/30 14:45:36 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2011/12/30 14:45:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2011/12/30 14:45:35 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2011/12/30 14:45:35 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2011/12/30 14:45:35 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2011/12/30 14:45:35 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2011/12/30 14:45:35 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2011/12/30 14:45:35 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[2011/12/30 14:42:32 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
[2011/12/30 14:42:32 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
[2011/12/30 14:37:47 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll
[2011/12/30 14:37:47 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll
[2011/12/30 14:37:47 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll
[2011/12/30 12:40:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/12/30 12:15:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/30 12:15:56 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2011/12/30 12:15:52 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2011/09/27 08:21:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/09/27 08:07:14 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2013/09/20 18:06:21 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/17 12:24:08 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\AVG2014
[2013/09/24 17:12:43 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Azureus
[2013/07/09 18:49:58 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\DAEMON Tools Lite
[2013/09/25 12:30:52 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Dropbox
[2013/07/11 22:33:59 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\EAC
[2012/04/20 12:56:19 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012/05/17 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Garmin
[2013/08/20 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Nico Mak Computing
[2013/07/18 17:47:58 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\OpenCandy
[2013/07/18 17:48:04 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Philipp Winterberg
[2011/12/30 12:47:08 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Toshiba
[2013/09/17 12:23:49 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\TuneUp Software
[2012/05/31 02:44:56 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WebPlayerBdd
[2013/07/19 13:55:47 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WildTangent
[2011/12/30 13:20:18 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\WinBatch
[2011/12/31 10:21:20 | 000,000,000 | ---D | M] -- C:\Users\Catherine\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >


Thanks again

#24 Essexboy (GeekU Moderator, 64,765 posts)
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up, at the first prompt select OK; after it has done some calculations the tabs will appear
Select More Options tab
Press the System Restore and Shadow Copies Cleanup button



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software, and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :wave:
  • 0
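The advice above is to uninstall Java unless a specific program needs it. Before doing that it helps to know exactly which Java runtimes are registered on the machine, since a 64-bit Windows install can carry both 32-bit and 64-bit copies and several stale versions side by side. The following PowerShell snippet is an added example, not something posted in this thread or shipped with any of the tools mentioned; it reads the standard Programs and Features uninstall keys (the 64-bit hive and the Wow6432Node hive for 32-bit software) and lists every entry whose display name starts with "Java" (the `^Java` pattern is my own choice and also catches "Java Auto Updater" and "JavaFX" entries).

```powershell
# Added example (not from the original thread): inventory Java runtimes
# registered in Programs and Features, from both the 64-bit and the
# 32-bit (Wow6432Node) Uninstall hives. Read-only; it changes nothing.
function Get-InstalledJava {
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($hive in $hives) {
        if (-not (Test-Path $hive)) { continue }   # Wow6432Node is absent on 32-bit Windows
        $arch = if ($hive -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
        foreach ($key in Get-ChildItem $hive) {
            $p = Get-ItemProperty $key.PSPath
            # '^Java' is an assumed match pattern; it picks up "Java 7 Update 5",
            # "Java(TM) 6 Update 31", "Java Auto Updater", "JavaFX ..." and similar names.
            if ($p.DisplayName -match '^Java') {
                New-Object PSObject -Property @{
                    Name         = $p.DisplayName
                    Version      = $p.DisplayVersion
                    Architecture = $arch
                    UninstallCmd = $p.UninstallString   # what Programs and Features would run
                }
            }
        }
    }
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    'No Java runtime is registered in Programs and Features.'
} else {
    $java | Format-Table Name, Version, Architecture, UninstallCmd -AutoSize
}
```

Run it from an elevated PowerShell prompt and compare the list against what Programs and Features shows; anything listed here that you do not need is a candidate for the uninstall the post recommends. It only reports, so it is safe to run before deciding.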

#25
vrainewb

vrainewb

    Member

  • Member
  • PipPip
  • 22 posts
Great! I will do all that... I have a few questions now, but I have to run so I'll ask all that this evening or tomorrow morning.

Anyways, in the meantime thank you very very much, and kudos :)
  • 0
#26
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 64,765 posts
Fire away when ready :)
  • 0

#27
vrainewb

vrainewb

    Member

  • Member
  • PipPip
  • 22 posts
Hello again,
I feel kind of stupid because I can't find where to download on the Trusteer website. :/

Anywho, I did update Java, only to disable it, which seems kind of odd, but hey if that's what it takes :)


Well, the last thing I wanted to ask you is about the combination of apps. I mean, now that I'll install Malwarebytes, the superantispyware thing looks unnecessary, for instance. But more precisely... should I use AVG and M Security Essentials? Also, I haven't activated Windows Defender yet (the Firewall is working though... forgot to mention that earlier); should I activate it and what is the difference between Win Defender and MSEssentials?

Hrmm... that's about it; what do you recommend?


Thanks a lot :)
  • 0

#28
vrainewb

vrainewb

    Member

  • Member
  • PipPip
  • 22 posts
Oh yeah... I forgot. I don't need to deactivate Javascript, right?
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 64,765 posts
Trusteer download.. https://www.trusteer...rusteer-rapport you will need to select your bank as it is slightly different for each

Windows Defender is the same as Malwarebytes, an anti-malware programme.
MSES is an anti-virus programme, so only one antivirus should be running: either AVG or MSES.

MBAM and SAS are a duplication so really you only need one.

If you do not need Java then to be honest the best bet would be to uninstall totally

On my system I only have Avast running with MBAM as a backup for a monthly run (if I remember :) )

Any further questions just fire away
  • 0
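The point in the reply above is that only one anti-virus product should be running, and that anti-malware tools like Windows Defender and Malwarebytes are a separate category. Windows itself keeps a registry of the security products installed on the machine in the Security Center WMI namespace, so you can check for duplication directly instead of guessing from tray icons. The script below is an added example, not from this thread or from any of the vendors named; it assumes Windows Vista or later (the `root\SecurityCenter2` namespace) and decodes the `productState` value using the widely used community interpretation of that field, which Microsoft does not officially document.

```powershell
# Added example (not from the original thread): list the anti-virus,
# anti-spyware and firewall products registered with Windows Security Center,
# and flag more than one anti-virus engine with real-time protection on.
# Assumptions: root\SecurityCenter2 exists (Vista and later); the productState
# decoding below is the common community interpretation, not official documentation.
function Get-SecurityCenterProducts {
    foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct') {
        $items = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue
        foreach ($p in $items) {
            # productState is a 24-bit value; format as six hex digits, e.g. 266240 -> 041000
            $hex = '{0:X6}' -f [int]$p.productState
            New-Object PSObject -Property @{
                Category     = $class
                Product      = $p.displayName
                RealTimeOn   = ($hex.Substring(2, 2) -eq '10')   # middle byte: 10 = enabled, 00 = disabled
                SignaturesOK = ($hex.Substring(4, 2) -eq '00')   # low byte: 00 = up to date, 10 = out of date
                Executable   = $p.pathToSignedProductExe
            }
        }
    }
}

$products = @(Get-SecurityCenterProducts)
$products | Format-Table Category, Product, RealTimeOn, SignaturesOK -AutoSize

# The check the reply above is really about: two anti-virus engines both active.
$activeAV = @($products | Where-Object { $_.Category -eq 'AntiVirusProduct' -and $_.RealTimeOn })
if ($activeAV.Count -gt 1) {
    "WARNING: $($activeAV.Count) anti-virus products report real-time protection enabled: " +
        (($activeAV | ForEach-Object { $_.Product }) -join ', ') + ". Keep only one."
} elseif ($activeAV.Count -eq 0) {
    'WARNING: no anti-virus product reports real-time protection enabled.'
}
```

Run it from an elevated prompt. A product that shows `RealTimeOn` as False but is still installed is the situation the next post describes with AVG's web component, so the output is also a quick way to confirm whether a protection module has actually been switched off rather than just showing a warning icon.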

#30
vrainewb

vrainewb

    Member

  • Member
  • PipPip
  • 22 posts

you will need to select your bank as it is slightly different for each


Oddly enough neither of our banks are listed... I'll check that often. Thanks for the link :)

Just to make sure, javascript is ok?


Now, I notice there's a strange thing going on with AVG though. Some suspect behavior I guess. Just now, I was looking at the system tray icon little pop window and I see the AVG icon with an exclamation mark on it. So, I open the app and it tells me that the web component of the app is inactive (it corresponds to something called LinkScanner Surf-Shield). The thing is that I keep activating it. It must be the 4th time I notice that in the last 2 weeks or so. Do you have an idea of what could be causing that?

Thanks
  • 0
