
Stupidly clicked an Arvo Part torrent; paying for it [Solved]


  • This topic is locked

#1
NumeroUnoCabron


Hi, everybody. I need a little help... As the title indicates, I downloaded something I shouldn't have, in spite of my better judgment (domain: bushetorrents.com), and now malware is everywhere. I've run CCleaner, uninstalled some 4 or 5 adware programs, and after noticing that Chrome was missing from my Start Menu's pinned programs (it's always at the very top) and that when opened Chrome redirected to an ad, I knew I had to seek outside help. So below are my logs. Thanks in advance for any and all help.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-09-2015
Ran by Nicolas Chauvin 2.0 (administrator) on SEAN (02-10-2015 18:20:06)
Running from C:\Users\Nicolas Chauvin 2.0\Desktop
Loaded Profiles: Nicolas Chauvin 2.0 (Available Profiles: Nicolas Chauvin 2.0)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\loggerservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Spotify Ltd) C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Trend Micro Inc.) C:\Users\Nicolas Chauvin 2.0\Downloads\HijackThis (1).exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-06] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM\...\Run: [DNS7reminder] => C:\Program Files\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [Spotify Web Helper] => C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-09-21] (Spotify Ltd)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [Google Update] => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [GoogleChromeAutoLaunch_4AC61858F0558DE8AA8B6DCD1AC2375C] => C:\Program Files\Google\Chrome\Application\chrome.exe [815944 2015-09-23] (Google Inc.)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\MountPoints2: {c49c2100-1f71-11e5-a841-00269e2d7972} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-02-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-01] (Avast Software s.r.o.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-1908793814-2174131667-131035205-1003] => http://stopblock.me/...7b3b4c9b1422691
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{812FE7BD-8B2D-434D-A4F4-911A87B6A792}: [DhcpNameServer] 192.168.0.1 205.171.2.65
Tcpip\..\Interfaces\{E3FF2110-CF1F-43FF-9E7B-B0C35D7E061D}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggScgFeUV1ARBgRdl0MTA1IFVYOIQEIUBQXQg0WIVtaVloXEgAFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggScgFeUV1ARBgRdl0MTA1IFVYOIQEIUBQXQg0WIVtaVloXEgAFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==
SearchScopes: HKLM -> DefaultScope {589B893E-773C-4941-88C2-0DCC718E621C} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgKWV9BRQRGbQsOBQ1cFQwXIxRZWQlADFNAeAxZA1tGQlMQdR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgKWV9BRQRGbQsOBQ1cFQwXIxRZWQlADFNAeAxZA1tGQlMQdR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1908793814-2174131667-131035205-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgKWV9BRQRGbQsOBQ1cFQwXIxRZWQlADFNAeAxZA1tGQlMQdR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1908793814-2174131667-131035205-1003 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = 
SearchScopes: HKU\S-1-5-21-1908793814-2174131667-131035205-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgKWV9BRQRGbQsOBQ1cFQwXIxRZWQlADFNAeAxZA1tGQlMQdR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2015-04-20] (Nuance Communications, Inc.)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-05] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default
FF SelectedSearchEngine: Taplika
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: nuance.com/DgnRia2 -> C:\Program Files\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2015-04-20] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @talk.google.com/O1DPlugin -> C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: dueeal4reeaL - C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default\Extensions\[email protected] [2015-05-01]
FF Extension: reealdEAll - C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default\Extensions\[email protected] [2015-05-01]
FF Extension: turkopticon - C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default\Extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi [2014-05-21]
FF Extension: Greasemonkey - C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-05-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-02]
CHR Extension: (Google Docs) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (YouTube) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (Google Search) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (Google Sheets) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-02]
CHR Extension: (Google Docs Offline) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Gmail) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-07-01] (Avast Software)
R2 DragonLoggerService; C:\Program Files\Common Files\Nuance\loggerservice.exe [151616 2015-04-20] (Nuance Communications, Inc.)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [339008 2015-04-20] (Nuance Communications, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-07-01] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 NETw1v32; C:\Windows\System32\DRIVERS\NETw1v32.sys [5958656 2009-07-20] (Intel Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-01] (Avast Software)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-02 18:20 - 2015-10-02 18:20 - 00015666 _____ C:\Users\Nicolas Chauvin 2.0\Desktop\FRST.txt
2015-10-02 18:19 - 2015-10-02 18:20 - 00000000 ____D C:\FRST
2015-10-02 18:19 - 2015-10-02 18:19 - 01696256 _____ (Farbar) C:\Users\Nicolas Chauvin 2.0\Downloads\FRST.exe
2015-10-02 18:19 - 2015-10-02 18:19 - 01696256 _____ (Farbar) C:\Users\Nicolas Chauvin 2.0\Desktop\FRST.exe
2015-10-02 17:42 - 2015-10-02 17:41 - 00388608 _____ (Trend Micro Inc.) C:\Users\Nicolas Chauvin 2.0\Desktop\HijackThis (1).exe
2015-10-02 17:41 - 2015-10-02 17:41 - 00388608 _____ (Trend Micro Inc.) C:\Users\Nicolas Chauvin 2.0\Downloads\HijackThis (1).exe
2015-10-02 17:36 - 2015-10-02 17:36 - 00055104 _____ C:\Users\Nicolas Chauvin 2.0\Documents\cc_20151002_173616.reg
2015-10-02 17:29 - 2015-10-02 17:29 - 00000900 _____ C:\Windows\system32\${LOGFILE}
2015-10-02 17:26 - 2015-10-02 17:34 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\WTools
2015-10-02 17:26 - 2015-10-02 17:33 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Store
2015-10-02 17:26 - 2015-10-02 17:26 - 00000078 _____ C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\WindApp.installation.log
2015-10-02 17:26 - 2015-10-02 17:26 - 00000078 _____ C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Selection Tools.installation.log
2015-10-02 17:24 - 2015-10-02 17:29 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Nosibay
2015-10-02 17:24 - 2015-10-02 17:26 - 00001272 _____ C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Bubble Dock.boostrap.log
2015-10-02 17:24 - 2015-10-02 17:25 - 00005796 _____ C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Bubble Dock.installation.log
2015-10-02 17:24 - 2015-10-02 17:24 - 00000097 _____ C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\WindApp.boostrap.log
2015-10-02 17:21 - 2015-10-02 17:23 - 03848256 _____ (Factory Choco LLC) C:\Users\Nicolas Chauvin 2.0\Downloads\Arvo_Part_-_28_Albuns_FLAC_downloader.exe
2015-09-23 15:49 - 2015-09-23 15:49 - 00019041 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Graphs.xlsx.xlsx
2015-09-23 15:48 - 2015-09-23 15:48 - 00012093 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Instructions_Graph (1).xlsx
2015-09-22 19:39 - 2015-09-22 19:39 - 00005969 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Whatever (1).xlsx
2015-09-22 19:37 - 2015-09-22 19:37 - 00005969 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Whatever.xlsx
2015-09-18 16:00 - 2015-09-18 16:00 - 00012093 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Instructions_Graph.xlsx
2015-09-18 13:04 - 2015-09-18 19:10 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\dasher.rc
2015-09-18 13:03 - 2015-09-18 13:03 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dasher 4.11
2015-09-18 13:03 - 2015-09-18 13:03 - 00000000 ____D C:\Program Files\Dasher
2015-09-18 12:58 - 2015-09-18 12:59 - 09722076 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Dasher 4.11.msi
2015-09-08 17:16 - 2015-08-05 10:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 17:16 - 2015-08-05 10:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 17:16 - 2015-08-05 10:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 17:16 - 2015-08-04 10:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 17:16 - 2015-08-04 10:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 17:16 - 2015-08-04 10:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 17:16 - 2015-08-04 10:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 17:16 - 2015-08-04 10:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 17:16 - 2015-08-04 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 17:15 - 2015-09-01 19:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 17:15 - 2015-09-01 19:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 17:15 - 2015-09-01 19:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 17:15 - 2015-09-01 19:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 17:15 - 2015-09-01 18:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 17:15 - 2015-09-01 18:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 17:15 - 2015-08-26 10:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 17:15 - 2015-08-26 10:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 17:15 - 2015-08-26 10:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 17:15 - 2015-08-26 10:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 17:15 - 2015-08-17 18:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 17:15 - 2015-08-14 23:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 17:15 - 2015-08-14 22:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 17:15 - 2015-08-14 22:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-08 17:15 - 2015-08-14 22:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 17:15 - 2015-08-14 22:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-08 17:15 - 2015-08-14 22:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 17:15 - 2015-08-14 22:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-08 17:15 - 2015-08-14 22:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-08 17:15 - 2015-08-14 22:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 17:15 - 2015-08-14 22:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 17:15 - 2015-08-14 22:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-08 17:15 - 2015-08-14 22:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 17:15 - 2015-08-14 22:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 17:15 - 2015-08-14 22:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-08 17:15 - 2015-08-14 22:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 17:15 - 2015-08-14 22:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-08 17:15 - 2015-08-14 22:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-08 17:15 - 2015-08-14 22:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 17:15 - 2015-08-14 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-08 17:15 - 2015-08-14 22:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-08 17:15 - 2015-08-14 22:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 17:15 - 2015-08-14 22:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 17:15 - 2015-08-14 22:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 17:15 - 2015-08-14 22:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 17:15 - 2015-08-14 22:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 17:15 - 2015-08-14 22:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 17:15 - 2015-08-14 22:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 17:15 - 2015-08-14 22:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-08 17:15 - 2015-08-14 21:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 17:15 - 2015-08-14 21:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 17:15 - 2015-08-14 21:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-08 17:15 - 2015-07-14 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-02 18:12 - 2014-05-26 00:07 - 00000984 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job
2015-10-02 18:02 - 2009-07-13 21:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-02 18:02 - 2009-07-13 21:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-02 18:00 - 2014-02-14 15:04 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-02 17:55 - 2014-05-14 15:31 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-02 17:39 - 2015-01-19 15:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-02 17:38 - 2015-01-19 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-02 17:38 - 2015-01-19 15:47 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-02 17:28 - 2015-01-19 16:10 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-02 17:28 - 2014-02-23 14:51 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\uTorrent
2015-10-02 17:26 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-10-02 17:24 - 2014-02-16 11:52 - 00001505 _____ C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-02 17:14 - 2015-08-20 18:39 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Desktop\Statistics
2015-10-02 12:22 - 2014-02-01 17:55 - 01689666 ____N C:\Windows\WindowsUpdate.log
2015-10-02 12:00 - 2014-02-14 15:04 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-02 11:52 - 2014-04-27 22:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job
2015-10-02 11:00 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-01 19:00 - 2014-02-16 12:12 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Spotify
2015-10-01 18:28 - 2014-02-16 12:12 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Spotify
2015-09-30 19:11 - 2015-09-01 19:41 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Desktop\Intro to Social Work
2015-09-30 01:14 - 2014-05-26 00:07 - 00000962 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job
2015-09-29 17:54 - 2015-08-22 16:28 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Desktop\Social Work Philosophy
2015-09-18 16:47 - 2014-02-16 11:52 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\VirtualStore
2015-09-17 16:28 - 2015-08-22 22:24 - 00378993 _____ C:\Users\Apps\creator-about-modals.spa
2015-09-17 16:28 - 2015-08-11 13:56 - 01867297 _____ C:\Users\Apps\musixmatch-lyrics-cp.spa
2015-09-17 16:28 - 2015-08-11 13:56 - 00449780 _____ C:\Users\snapshot_blob.bin
2015-09-17 16:28 - 2015-08-11 13:56 - 00410937 _____ C:\Users\natives_blob.bin
2015-09-17 16:28 - 2015-05-27 20:29 - 00607382 _____ C:\Users\Apps\local-files-desktop.spa
2015-09-17 16:28 - 2015-05-13 12:31 - 00195849 _____ C:\Users\Apps\hub.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 45067320 _____ C:\Users\libcef.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 10207504 _____ C:\Users\icudtl.dat
2015-09-17 16:28 - 2015-03-31 13:13 - 07535672 _____ (Spotify Ltd) C:\Users\Spotify.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 04487782 _____ C:\Users\devtools_resources.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 03457592 _____ (Microsoft Corporation) C:\Users\d3dcompiler_47.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 02184260 _____ C:\Users\cef.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 02157553 _____ C:\Users\Apps\glue-resources.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 02106424 _____ (Microsoft Corporation) C:\Users\d3dcompiler_43.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 02018360 _____ (Spotify Ltd) C:\Users\SpotifyWebHelper.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 01649208 _____ C:\Users\libGLESv2.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 00967736 _____ (The Chromium Authors) C:\Users\ffmpegsumo.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 00900495 _____ C:\Users\Apps\zlink.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00839224 _____ (Spotify Ltd) C:\Users\SpotifyCrashService.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 00768038 _____ C:\Users\Apps\playlist-desktop.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00761075 _____ C:\Users\Apps\artist.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00750083 _____ C:\Users\Apps\browse.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00622967 _____ C:\Users\cef_200_percent.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 00555515 _____ C:\Users\Apps\genre.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00549988 _____ C:\Users\Apps\notification-center.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00538456 _____ C:\Users\Apps\settings.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00528578 _____ C:\Users\Apps\collection.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00520851 _____ C:\Users\Apps\collection-artist.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00520120 _____ C:\Users\Apps\discover.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00488825 _____ C:\Users\Apps\album.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00487229 _____ C:\Users\Apps\article.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00478891 _____ C:\Users\Apps\messages.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00468951 _____ C:\Users\cef_100_percent.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 00466223 _____ C:\Users\Apps\collection-album.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00456502 _____ C:\Users\Apps\social-feed.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00453236 _____ C:\Users\Apps\charts.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00398127 _____ C:\Users\Apps\zlogin.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00395528 _____ C:\Users\Apps\collection-songs.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00387716 _____ C:\Users\Apps\social-chart.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00369607 _____ C:\Users\Apps\buddy-list.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00336806 _____ C:\Users\Apps\radio.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00321096 _____ C:\Users\Apps\chart.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00285977 _____ C:\Users\Apps\folder.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00277789 _____ C:\Users\Apps\share.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00261124 _____ C:\Users\Apps\zlink-queue.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00246967 _____ C:\Users\Apps\profile.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00236915 _____ C:\Users\Apps\search.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00218391 _____ C:\Users\Apps\findfriends.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00186702 _____ C:\Users\Apps\suggest.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00158229 _____ C:\Users\Apps\follow.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00098360 _____ (Spotify Ltd) C:\Users\SpotifyLauncher.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 00088762 _____ C:\Users\Apps\about.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00080952 _____ C:\Users\libEGL.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 00078348 _____ C:\Users\Apps\error.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00073272 _____ C:\Users\wow_helper.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 00053462 _____ C:\Users\Apps\ad.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00050934 _____ C:\Users\Apps\licenses.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00014086 _____ C:\Users\locales\en-US.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 00009273 _____ C:\Users\locales\el.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00008384 _____ C:\Users\locales\ru.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00008121 _____ C:\Users\locales\ja.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007783 _____ C:\Users\locales\fr-CA.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007735 _____ C:\Users\locales\hu.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007669 _____ C:\Users\locales\pl.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007662 _____ C:\Users\locales\fr.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007627 _____ C:\Users\locales\fi.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007542 _____ C:\Users\locales\es-419.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007515 _____ C:\Users\locales\nl.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007499 _____ C:\Users\locales\es.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007490 _____ C:\Users\locales\de.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007475 _____ C:\Users\locales\it.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007461 _____ C:\Users\locales\tr.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007404 _____ C:\Users\locales\zsm.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007402 _____ C:\Users\locales\pt-BR.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007385 _____ C:\Users\locales\sv.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007290 _____ C:\Users\locales\zh-Hant.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007133 _____ C:\Users\locales\arb.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007062 _____ C:\Users\locales\en.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00000020 _____ C:\Users\inst_ver.dat
2015-09-17 16:28 - 2015-03-31 13:13 - 00000000 ____D C:\Users\locales
2015-09-17 16:28 - 2015-03-31 13:13 - 00000000 _____ C:\Users\Nicolas.redir
2015-09-14 11:47 - 2014-04-27 22:39 - 00000964 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job
2015-09-12 21:14 - 2015-03-10 19:27 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\vlc
2015-09-12 19:12 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2015-09-10 19:15 - 2015-03-31 13:13 - 02332541 _____ C:\Users\Apps\musixmatch-lyrics.spa
2015-09-09 13:12 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 11:51 - 2009-07-13 21:33 - 00284336 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 11:49 - 2009-07-14 00:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-06 14:47 - 2015-08-22 11:34 - 00000000 ____D C:\ProgramData\TEMP
2015-09-06 14:29 - 2015-08-22 12:49 - 00000955 _____ C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\SAS7_000.DAT
 
==================== Files in the root of some directories =======
 
2015-02-15 18:25 - 2015-06-16 14:39 - 0000020 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\appdataFr3.bin
2015-10-02 17:24 - 2015-10-02 17:26 - 0001272 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Bubble Dock.boostrap.log
2015-10-02 17:24 - 2015-10-02 17:25 - 0005796 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Bubble Dock.installation.log
2015-08-22 12:49 - 2015-09-06 14:29 - 0000955 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\SAS7_000.DAT
2015-10-02 17:26 - 2015-10-02 17:26 - 0000078 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Selection Tools.installation.log
2015-01-25 18:42 - 2015-01-26 19:24 - 0000057 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\WB.CFG
2015-10-02 17:24 - 2015-10-02 17:24 - 0000097 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\WindApp.boostrap.log
2015-10-02 17:26 - 2015-10-02 17:26 - 0000078 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\WindApp.installation.log
2015-01-25 17:44 - 2015-01-25 17:44 - 0000088 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Local\85bd28a4d10dcb2bd84f89b8a4988f91
2014-12-02 14:02 - 2015-01-19 13:53 - 0000112 _____ () C:\ProgramData\vN5D1Ch.dat
 
Some files in TEMP:
====================
C:\Users\Nicolas Chauvin 2.0\AppData\Local\Temp\2Wbm7Q0or8.exe
C:\Users\Nicolas Chauvin 2.0\AppData\Local\Temp\eLNNGHpgG1.exe
C:\Users\Nicolas Chauvin 2.0\AppData\Local\Temp\kw6HU1kvtb.exe
C:\Users\Nicolas Chauvin 2.0\AppData\Local\Temp\zWXxcl6rn4.exe
C:\Users\Nicolas Chauvin 2.0\AppData\Local\Temp\{47972ABB-E1E0-488C-BA2E-7ADF16B0B808}.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 12:24
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-09-2015
Ran by Nicolas Chauvin 2.0 (2015-10-02 18:21:01)
Running from C:\Users\Nicolas Chauvin 2.0\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-02-01 23:22:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1908793814-2174131667-131035205-500 - Administrator - Disabled)
Guest (S-1-5-21-1908793814-2174131667-131035205-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1908793814-2174131667-131035205-1002 - Limited - Enabled)
Nicolas Chauvin 2.0 (S-1-5-21-1908793814-2174131667-131035205-1003 - Administrator - Enabled) => C:\Users\Nicolas Chauvin 2.0
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Amazon Kindle) (Version:  - Amazon)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Dasher 4.11 (HKLM\...\{BD8ECD28-2D32-11DF-8D17-000423472618}) (Version: 4.11 - The Dasher Project)
Dragon NaturallySpeaking 13 (HKLM\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FastStone Image Viewer 4.9 (HKLM\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SoulseekQt (HKLM\...\SoulseekQt) (Version:  - )
Spotify (HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
System Requirements Lab for Intel (HKLM\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TerminusSupport (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{5c7da84}) (Version:  - Software Publisher) <==== ATTENTION
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Yawcam 0.4.1 (HKLM\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
 
==================== Restore Points =========================
 
31-07-2015 11:20:40 Windows Update
04-08-2015 11:41:45 Windows Update
07-08-2015 11:57:29 Windows Update
11-08-2015 14:37:19 Windows Update
11-08-2015 19:32:33 Windows Update
13-08-2015 20:19:39 Windows Update
14-08-2015 13:55:18 Windows Update
18-08-2015 15:11:01 Windows Update
19-08-2015 00:49:07 Windows Update
22-08-2015 11:09:19 Installato Dragon NaturallySpeaking 13.
24-08-2015 00:30:55 Windows Update
24-08-2015 21:02:40 Windows Update
28-08-2015 15:15:11 Windows Update
01-09-2015 11:29:36 Windows Update
04-09-2015 12:29:34 Windows Update
08-09-2015 17:04:59 Windows Update
08-09-2015 20:52:41 Windows Update
09-09-2015 11:39:12 Windows Modules Installer
09-09-2015 11:41:51 Windows Modules Installer
09-09-2015 11:43:04 Windows Modules Installer
15-09-2015 11:56:38 Windows Update
18-09-2015 12:18:08 Windows Update
18-09-2015 13:03:01 Installed Dasher 4.11
22-09-2015 11:29:45 Windows Update
25-09-2015 11:34:14 Windows Update
29-09-2015 12:05:20 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00A7F804-51DB-4063-BF89-74627DE7785E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {2D16EC58-843E-4EC3-92A0-F7AF05F1E0D7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {47F9D221-25EE-4473-8379-AD6B8D03A8E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {4B4D25FC-605B-44D6-84D1-E32E7A83B967} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5F3EFF5F-D6AA-4569-AD62-330BFB845505} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {BAE0758B-7E55-4560-ACE9-832601DA56D5} - System32\Tasks\{325CAAEB-EA0E-4A9C-BC9B-60E0D2110F58} => pcalua.exe -a "C:\Users\Nicolas Chauvin 2.0\Downloads\win7_1512754.exe" -d "C:\Users\Nicolas Chauvin 2.0\Downloads"
Task: {C5B9534D-D699-43BD-B9A2-4A8B2BE2FB00} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-01] (Avast Software s.r.o.)
Task: {ECC0DB03-FAC1-417A-A3EA-E8361DCAC522} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {F124AFCA-D217-4648-8A8F-613A2A2C75AC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F923D5AB-F0B9-4E4B-9448-1E2AE1826987} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-01 12:09 - 2015-07-01 12:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-01 12:09 - 2015-07-01 12:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-01 11:53 - 2015-10-01 11:53 - 02966528 _____ () C:\Program Files\AVAST Software\Avast\defs\15100102\algo.dll
2015-10-02 11:00 - 2015-10-02 11:00 - 02966528 _____ () C:\Program Files\AVAST Software\Avast\defs\15100202\algo.dll
2015-07-01 12:09 - 2015-07-01 12:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-09-25 17:03 - 2015-09-23 19:34 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-25 17:03 - 2015-09-23 19:34 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-09-25 17:03 - 2015-09-23 19:34 - 00310088 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libexif.dll
2015-09-25 17:03 - 2015-09-23 19:34 - 16487752 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\123simsen.com -> www.123simsen.com
 
There are 7865 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{7DA5F9A7-3ED9-4461-BF37-14F5C7A17766}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C0257C3F-5C44-4AF4-A41D-13E50E1253FD}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2D81C637-A96E-4E56-969F-3EC145BE7032}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D9B83318-8B64-4E92-8C49-51E04B097B5A}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [{74CC395B-2174-40CA-9DAA-5A1209DA8BEC}] => (Allow) C:\Users\Nicolas Chauvin 2.0\Downloads\uTorrent.exe
FirewallRules: [{55A3651B-27F0-45AD-A4D0-93C8E59DAC6B}] => (Allow) C:\Users\Nicolas Chauvin 2.0\Downloads\uTorrent.exe
FirewallRules: [TCP Query User{B3EF1DFE-E1C9-436D-A303-8C21B54381F0}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{7A464496-EBAC-493D-9435-A5982E59ABB9}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [{17221E1A-895C-42D6-B041-2407B2E51011}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{88BC5C3F-43B1-440B-B73F-05EA92D5FD2E}] => (Allow) C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE9A5EFE-AAE1-4FD5-BA50-92FBD4D325ED}] => (Allow) C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDFC59BF-3EB7-416D-9DF3-7204B7B76BE5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F662122A-041A-4ECD-A5AC-F056C90637C7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8D230368-2F7F-489B-A91C-FFAB3075F854}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F3EDBA89-5C93-4DDC-8C2A-505F1248BB44}] => (Allow) LPort=51001
FirewallRules: [{04A4B077-A583-4160-A37A-5076B6CF8E3F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/02/2015 05:30:19 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (10/02/2015 05:26:44 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (10/02/2015 12:07:13 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (10/01/2015 08:24:58 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (10/01/2015 12:26:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (09/30/2015 07:46:49 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (09/29/2015 07:14:03 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (09/28/2015 08:39:09 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (09/28/2015 01:06:26 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (09/27/2015 05:58:32 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
 
System errors:
=============
Error: (09/25/2015 11:27:36 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (09/25/2015 11:27:00 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}
 
Error: (09/25/2015 11:26:59 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
Error: (09/25/2015 02:00:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
 
Error: (09/25/2015 02:00:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (09/18/2015 06:54:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HomeGroupListener service.
 
Error: (09/12/2015 12:50:18 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
 
Error: (09/08/2015 08:52:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (08/25/2015 05:36:01 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (08/24/2015 09:02:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 63%
Total physical RAM: 2974.93 MB
Available physical RAM: 1090.39 MB
Total Virtual: 5948.16 MB
Available Virtual: 3717.91 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:285.77 GB) (Free:24.94 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.12 GB) (Free:2.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E7E8E0A0)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by NumeroUnoCabron, 02 October 2015 - 07:51 PM.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, could you let me know how the computer is after this?

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign in to your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome.
Note: When asked about user data or settings, you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-1908793814-2174131667-131035205-1003] => http://stopblock.me/...7b3b4c9b1422691
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggScgFeUV1ARBgRdl0MTA1IFVYOIQEIUBQXQg0WIVtaVloXEgAFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggScgFeUV1ARBgRdl0MTA1IFVYOIQEIUBQXQg0WIVtaVloXEgAFIk0FA1ADB0VXfVBdFElXTwhwJVx1DksUc1BQNVVMEnEEQw==
SearchScopes: HKLM -> DefaultScope {589B893E-773C-4941-88C2-0DCC718E621C} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgKWV9BRQRGbQsOBQ1cFQwXIxRZWQlADFNAeAxZA1tGQlMQdR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgKWV9BRQRGbQsOBQ1cFQwXIxRZWQlADFNAeAxZA1tGQlMQdR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1908793814-2174131667-131035205-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgKWV9BRQRGbQsOBQ1cFQwXIxRZWQlADFNAeAxZA1tGQlMQdR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1908793814-2174131667-131035205-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQgKWV9BRQRGbQsOBQ1cFQwXIxRZWQlADFNAeAxZA1tGQlMQdR9aFQQTSEcFME0FCFwEURNNfWpdBHQeU1BxJUpNDU0CaUBB&q={searchTerms}
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
FF Extension: dueeal4reeaL - C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default\Extensions\[email protected] [2015-05-01]
FF Extension: reealdEAll - C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default\Extensions\[email protected] [2015-05-01]
FF Extension: turkopticon - C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default\Extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi [2014-05-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
2015-01-25 17:44 - 2015-01-25 17:44 - 0000088 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Local\85bd28a4d10dcb2bd84f89b8a4988f91
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CreateRestorePoint:
Reg: reg delete "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg delete "HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg add "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
Reg: reg add "HKEY_USERS\S-1-5-21-3016000360-1041427054-1883944200-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad" /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0
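An added example, not part of the posts above and not FRST's own code: a small triage pass over FRST-style lines of the kind the fixlist targets (policy entries FRST marks with ATTENTION, an AutoConfigURL, start pages and search scopes pointing at unexpected hosts, entries whose file is gone). The sample log, the placeholder hosts and SID, the expected-host list and the category names are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts regarded as normal for start pages and search providers.
# Replace with the known-good baseline for the machine being reviewed.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com"}

# Constructed sample in the layout of the FRST lines quoted in this thread.
# Hosts, SID and GUIDs are placeholders, not values from the original logs.
SAMPLE_LOG = r"""
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
AutoConfigURL: [S-1-5-21-0-0-0-1003] => http://pac.example.invalid/wpad.dat
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.example.invalid/h?eq=AAAA
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {00000000-0000-0000-0000-000000000001} URL = hxxp://search.example.invalid/s?q={searchTerms}
SearchScopes: HKLM -> {00000000-0000-0000-0000-000000000002} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-0-0-0-1003 -> {00000000-0000-0000-0000-000000000002} URL =
BHO: No Name -> {00000000-0000-0000-0000-000000000003} -> No File
BHO: Example Helper -> {00000000-0000-0000-0000-000000000004} -> C:\Program Files\Example\helper.dll [2015-04-20] (Example Corp)
"""


def host_of(url):
    """Return the lowercase host of a URL, accepting the defanged hxxp scheme."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)
    return (urlsplit(url).hostname or "").lower()


def triage(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return (category, detail) tuples for lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Entries FRST itself marks as suspicious, e.g. browser policy keys.
        if line.endswith("<======= ATTENTION"):
            findings.append(("frst-attention", line.split("<=======")[0].strip()))
            continue

        # A proxy auto-config script decides where browser traffic is sent,
        # so any AutoConfigURL is reported for review.
        m = re.match(r"AutoConfigURL:\s*\[[^\]]+\]\s*=>\s*(\S+)", line)
        if m:
            findings.append(("proxy-autoconfig", host_of(m.group(1))))
            continue

        # Internet Explorer start pages: ignore blanks and expected hosts.
        m = re.match(r".+,Start Page =\s*(\S*)$", line)
        if m:
            url = m.group(1)
            if url and url.lower() != "about:blank" and host_of(url) not in expected_hosts:
                findings.append(("start-page", host_of(url)))
            continue

        # Search providers: report unexpected hosts and entries with no URL.
        m = re.match(r"SearchScopes: (\S+) -> (?:DefaultScope )?\{[^}]+\} URL =\s*(\S*)$", line)
        if m:
            hive, url = m.groups()
            if not url:
                findings.append(("empty-search-scope", hive))
            elif host_of(url) not in expected_hosts:
                findings.append(("search-scope", host_of(url)))
            continue

        # Registered add-ons or helpers whose file no longer exists.
        if re.search(r"(No File\]?|not found)$", line):
            guid = re.search(r"\{[^}]+\}", line)
            findings.append(("orphan-entry", guid.group(0) if guid else line.split(":", 1)[0]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:20} {detail}")
```

The output is a review list only; which entries go into a fixlist remains a decision for whoever is analysing that specific machine.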

#3
NumeroUnoCabron


    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Thank you so much for the reply. Since the initial post, I've removed a virus independently, one called "esurf.biz", using this method. That got rid of most of the symptoms but until you suggested reinstalling Chrome I couldn't figure out why the browser was still acting so funny (e.g., occasionally redirecting, buggy launcher app, etc.). Now it's acting normal again after reinstalling. 

 

I don't want to take your above-mentioned action since the system has been changed after so many adware removal scans/fixes. Below are fresh Farbar logs if you want to check everything out again. I imagine there is leftover debris after that mess.

 

Again, thank you for the help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-10-2015
Ran by Nicolas Chauvin 2.0 (administrator) on SEAN (03-10-2015 14:57:10)
Running from C:\Users\Nicolas Chauvin 2.0\Documents\Security
Loaded Profiles: Nicolas Chauvin 2.0 (Available Profiles: Nicolas Chauvin 2.0)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\loggerservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Spotify Ltd) C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-06] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM\...\Run: [DNS7reminder] => C:\Program Files\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [Spotify Web Helper] => C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-09-21] (Spotify Ltd)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [Google Update] => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\MountPoints2: {c49c2100-1f71-11e5-a841-00269e2d7972} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-02-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-01] (Avast Software s.r.o.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{812FE7BD-8B2D-434D-A4F4-911A87B6A792}: [DhcpNameServer] 192.168.0.1 205.171.2.65
Tcpip\..\Interfaces\{E3FF2110-CF1F-43FF-9E7B-B0C35D7E061D}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1908793814-2174131667-131035205-1003 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = 
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2015-04-20] (Nuance Communications, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-05] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default
FF SelectedSearchEngine: Taplika
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: nuance.com/DgnRia2 -> C:\Program Files\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2015-04-20] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @talk.google.com/O1DPlugin -> C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: turkopticon - C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default\Extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi [2014-05-21]
FF Extension: Greasemonkey - C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-05-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
 
Chrome: 
=======
CHR Profile: C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-03]
CHR Extension: (Google Docs) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-03]
CHR Extension: (Google Drive) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-03]
CHR Extension: (YouTube) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (Google Search) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-03]
CHR Extension: (Google Sheets) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-03]
CHR Extension: (Google Docs Offline) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-03]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-10-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-03]
CHR Extension: (Gmail) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-07-01] (Avast Software)
R2 DragonLoggerService; C:\Program Files\Common Files\Nuance\loggerservice.exe [151616 2015-04-20] (Nuance Communications, Inc.)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [339008 2015-04-20] (Nuance Communications, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-07-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 NETw1v32; C:\Windows\System32\DRIVERS\NETw1v32.sys [5958656 2009-07-20] (Intel Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-01] (Avast Software)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-03 14:52 - 2015-10-03 14:52 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-03 14:50 - 2015-10-03 14:55 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-03 14:50 - 2015-10-03 14:55 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-03 14:50 - 2015-10-03 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-03 14:49 - 2015-10-03 14:50 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Deployment
2015-10-03 14:49 - 2015-10-03 14:49 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Apps\2.0
2015-10-03 14:47 - 2015-10-03 14:47 - 00000328 _____ C:\Windows\PFRO.log
2015-10-03 14:47 - 2015-10-03 14:47 - 00000056 _____ C:\Windows\setupact.log
2015-10-03 14:47 - 2015-10-03 14:47 - 00000000 _____ C:\Windows\setuperr.log
2015-10-03 14:43 - 2015-10-03 14:43 - 00416599 _____ C:\Users\Nicolas Chauvin 2.0\Documents\bookmarks_10_3_15.html
2015-10-03 14:33 - 2015-10-03 14:33 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Nicolas Chauvin 2.0\Downloads\tdsskiller.exe
2015-10-03 14:05 - 2015-10-03 14:57 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Documents\Security
2015-10-02 20:20 - 2015-10-03 14:47 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2015-10-02 20:19 - 2015-10-02 20:20 - 05078968 _____ ( ) C:\Users\Nicolas Chauvin 2.0\Downloads\Zemana.AntiMalware.Setup.exe
2015-10-02 20:19 - 2015-10-02 20:19 - 05078968 _____ ( ) C:\Users\Nicolas Chauvin 2.0\Downloads\Zemana.AntiMalware.Setup (1).exe
2015-10-02 20:19 - 2015-10-02 20:19 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Zemana
2015-10-02 20:03 - 2015-10-02 20:11 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-02 19:59 - 2015-10-02 20:03 - 10367880 _____ (SurfRight B.V.) C:\Users\Nicolas Chauvin 2.0\Downloads\HitmanPro.exe
2015-10-02 19:17 - 2015-10-02 19:17 - 01801288 _____ (Malwarebytes) C:\Users\Nicolas Chauvin 2.0\Downloads\JRT.exe
2015-10-02 19:10 - 2015-10-02 19:11 - 00000000 ____D C:\AdwCleaner
2015-10-02 19:04 - 2015-10-02 19:04 - 01670656 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\adwcleaner_5.009.exe
2015-10-02 18:19 - 2015-10-03 14:57 - 00000000 ____D C:\FRST
2015-10-02 18:19 - 2015-10-02 18:19 - 01696256 _____ (Farbar) C:\Users\Nicolas Chauvin 2.0\Downloads\FRST.exe
2015-10-02 17:41 - 2015-10-02 17:41 - 00388608 _____ (Trend Micro Inc.) C:\Users\Nicolas Chauvin 2.0\Downloads\HijackThis (1).exe
2015-10-02 17:36 - 2015-10-02 17:36 - 00055104 _____ C:\Users\Nicolas Chauvin 2.0\Documents\cc_20151002_173616.reg
2015-09-23 15:49 - 2015-09-23 15:49 - 00019041 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Graphs.xlsx.xlsx
2015-09-23 15:48 - 2015-09-23 15:48 - 00012093 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Instructions_Graph (1).xlsx
2015-09-22 19:39 - 2015-09-22 19:39 - 00005969 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Whatever (1).xlsx
2015-09-22 19:37 - 2015-09-22 19:37 - 00005969 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Whatever.xlsx
2015-09-18 16:00 - 2015-09-18 16:00 - 00012093 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Instructions_Graph.xlsx
2015-09-18 13:04 - 2015-09-18 19:10 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\dasher.rc
2015-09-18 13:03 - 2015-09-18 13:03 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dasher 4.11
2015-09-18 13:03 - 2015-09-18 13:03 - 00000000 ____D C:\Program Files\Dasher
2015-09-18 12:58 - 2015-09-18 12:59 - 09722076 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Dasher 4.11.msi
2015-09-08 17:16 - 2015-08-05 10:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 17:16 - 2015-08-05 10:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 17:16 - 2015-08-05 10:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 17:16 - 2015-08-04 10:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 17:16 - 2015-08-04 10:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 17:16 - 2015-08-04 10:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 17:16 - 2015-08-04 10:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 17:16 - 2015-08-04 10:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 17:16 - 2015-08-04 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 17:15 - 2015-09-01 19:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 17:15 - 2015-09-01 19:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 17:15 - 2015-09-01 19:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 17:15 - 2015-09-01 19:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 17:15 - 2015-09-01 18:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 17:15 - 2015-09-01 18:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 17:15 - 2015-08-26 10:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 17:15 - 2015-08-26 10:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 17:15 - 2015-08-26 10:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 17:15 - 2015-08-26 10:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 17:15 - 2015-08-17 18:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 17:15 - 2015-08-14 23:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 17:15 - 2015-08-14 22:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 17:15 - 2015-08-14 22:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-08 17:15 - 2015-08-14 22:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 17:15 - 2015-08-14 22:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-08 17:15 - 2015-08-14 22:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 17:15 - 2015-08-14 22:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-08 17:15 - 2015-08-14 22:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-08 17:15 - 2015-08-14 22:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 17:15 - 2015-08-14 22:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 17:15 - 2015-08-14 22:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-08 17:15 - 2015-08-14 22:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 17:15 - 2015-08-14 22:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 17:15 - 2015-08-14 22:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-08 17:15 - 2015-08-14 22:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 17:15 - 2015-08-14 22:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-08 17:15 - 2015-08-14 22:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-08 17:15 - 2015-08-14 22:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 17:15 - 2015-08-14 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-08 17:15 - 2015-08-14 22:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-08 17:15 - 2015-08-14 22:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 17:15 - 2015-08-14 22:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 17:15 - 2015-08-14 22:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 17:15 - 2015-08-14 22:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 17:15 - 2015-08-14 22:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 17:15 - 2015-08-14 22:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 17:15 - 2015-08-14 22:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 17:15 - 2015-08-14 22:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-08 17:15 - 2015-08-14 21:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 17:15 - 2015-08-14 21:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 17:15 - 2015-08-14 21:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-08 17:15 - 2015-07-14 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-03 14:52 - 2014-02-01 17:55 - 01797291 _____ C:\Windows\WindowsUpdate.log
2015-10-03 14:51 - 2014-02-16 11:58 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google
2015-10-03 14:50 - 2014-02-14 15:04 - 00000000 ____D C:\Program Files\Google
2015-10-03 14:47 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-03 14:46 - 2009-07-13 21:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-03 14:46 - 2009-07-13 21:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-03 12:12 - 2014-05-26 00:07 - 00000984 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job
2015-10-03 11:52 - 2014-04-27 22:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job
2015-10-02 21:19 - 2015-01-19 15:29 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Downloads\backups
2015-10-02 21:19 - 2014-02-16 11:52 - 00000930 _____ C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-02 20:15 - 2015-02-21 19:17 - 00000000 __SHD C:\Users\Nicolas Chauvin 2.0\AppData\Local\EmieUserList
2015-10-02 20:15 - 2015-02-21 19:17 - 00000000 __SHD C:\Users\Nicolas Chauvin 2.0\AppData\Local\EmieSiteList
2015-10-02 20:15 - 2015-02-21 19:17 - 00000000 __SHD C:\Users\Nicolas Chauvin 2.0\AppData\Local\EmieBrowserModeList
2015-10-02 19:28 - 2015-01-19 15:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-02 17:38 - 2015-01-19 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-02 17:38 - 2015-01-19 15:47 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-02 17:28 - 2015-01-19 16:10 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-02 17:28 - 2014-02-23 14:51 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\uTorrent
2015-10-02 17:26 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-10-02 17:14 - 2015-08-20 18:39 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Desktop\Statistics
2015-10-01 19:00 - 2014-02-16 12:12 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Spotify
2015-10-01 18:28 - 2014-02-16 12:12 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Spotify
2015-09-30 19:11 - 2015-09-01 19:41 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Desktop\Intro to Social Work
2015-09-30 01:14 - 2014-05-26 00:07 - 00000962 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job
2015-09-29 17:54 - 2015-08-22 16:28 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Desktop\Social Work Philosophy
2015-09-18 16:47 - 2014-02-16 11:52 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\VirtualStore
2015-09-17 16:28 - 2015-08-22 22:24 - 00378993 _____ C:\Users\Apps\creator-about-modals.spa
2015-09-17 16:28 - 2015-08-11 13:56 - 01867297 _____ C:\Users\Apps\musixmatch-lyrics-cp.spa
2015-09-17 16:28 - 2015-08-11 13:56 - 00449780 _____ C:\Users\snapshot_blob.bin
2015-09-17 16:28 - 2015-08-11 13:56 - 00410937 _____ C:\Users\natives_blob.bin
2015-09-17 16:28 - 2015-05-27 20:29 - 00607382 _____ C:\Users\Apps\local-files-desktop.spa
2015-09-17 16:28 - 2015-05-13 12:31 - 00195849 _____ C:\Users\Apps\hub.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 45067320 _____ C:\Users\libcef.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 10207504 _____ C:\Users\icudtl.dat
2015-09-17 16:28 - 2015-03-31 13:13 - 07535672 _____ (Spotify Ltd) C:\Users\Spotify.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 04487782 _____ C:\Users\devtools_resources.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 03457592 _____ (Microsoft Corporation) C:\Users\d3dcompiler_47.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 02184260 _____ C:\Users\cef.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 02157553 _____ C:\Users\Apps\glue-resources.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 02106424 _____ (Microsoft Corporation) C:\Users\d3dcompiler_43.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 02018360 _____ (Spotify Ltd) C:\Users\SpotifyWebHelper.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 01649208 _____ C:\Users\libGLESv2.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 00967736 _____ (The Chromium Authors) C:\Users\ffmpegsumo.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 00900495 _____ C:\Users\Apps\zlink.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00839224 _____ (Spotify Ltd) C:\Users\SpotifyCrashService.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 00768038 _____ C:\Users\Apps\playlist-desktop.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00761075 _____ C:\Users\Apps\artist.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00750083 _____ C:\Users\Apps\browse.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00622967 _____ C:\Users\cef_200_percent.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 00555515 _____ C:\Users\Apps\genre.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00549988 _____ C:\Users\Apps\notification-center.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00538456 _____ C:\Users\Apps\settings.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00528578 _____ C:\Users\Apps\collection.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00520851 _____ C:\Users\Apps\collection-artist.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00520120 _____ C:\Users\Apps\discover.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00488825 _____ C:\Users\Apps\album.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00487229 _____ C:\Users\Apps\article.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00478891 _____ C:\Users\Apps\messages.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00468951 _____ C:\Users\cef_100_percent.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 00466223 _____ C:\Users\Apps\collection-album.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00456502 _____ C:\Users\Apps\social-feed.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00453236 _____ C:\Users\Apps\charts.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00398127 _____ C:\Users\Apps\zlogin.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00395528 _____ C:\Users\Apps\collection-songs.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00387716 _____ C:\Users\Apps\social-chart.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00369607 _____ C:\Users\Apps\buddy-list.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00336806 _____ C:\Users\Apps\radio.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00321096 _____ C:\Users\Apps\chart.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00285977 _____ C:\Users\Apps\folder.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00277789 _____ C:\Users\Apps\share.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00261124 _____ C:\Users\Apps\zlink-queue.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00246967 _____ C:\Users\Apps\profile.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00236915 _____ C:\Users\Apps\search.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00218391 _____ C:\Users\Apps\findfriends.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00186702 _____ C:\Users\Apps\suggest.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00158229 _____ C:\Users\Apps\follow.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00098360 _____ (Spotify Ltd) C:\Users\SpotifyLauncher.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 00088762 _____ C:\Users\Apps\about.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00080952 _____ C:\Users\libEGL.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 00078348 _____ C:\Users\Apps\error.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00073272 _____ C:\Users\wow_helper.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 00053462 _____ C:\Users\Apps\ad.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00050934 _____ C:\Users\Apps\licenses.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00014086 _____ C:\Users\locales\en-US.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 00009273 _____ C:\Users\locales\el.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00008384 _____ C:\Users\locales\ru.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00008121 _____ C:\Users\locales\ja.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007783 _____ C:\Users\locales\fr-CA.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007735 _____ C:\Users\locales\hu.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007669 _____ C:\Users\locales\pl.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007662 _____ C:\Users\locales\fr.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007627 _____ C:\Users\locales\fi.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007542 _____ C:\Users\locales\es-419.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007515 _____ C:\Users\locales\nl.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007499 _____ C:\Users\locales\es.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007490 _____ C:\Users\locales\de.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007475 _____ C:\Users\locales\it.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007461 _____ C:\Users\locales\tr.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007404 _____ C:\Users\locales\zsm.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007402 _____ C:\Users\locales\pt-BR.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007385 _____ C:\Users\locales\sv.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007290 _____ C:\Users\locales\zh-Hant.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007133 _____ C:\Users\locales\arb.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007062 _____ C:\Users\locales\en.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00000020 _____ C:\Users\inst_ver.dat
2015-09-17 16:28 - 2015-03-31 13:13 - 00000000 ____D C:\Users\locales
2015-09-17 16:28 - 2015-03-31 13:13 - 00000000 _____ C:\Users\Nicolas.redir
2015-09-14 11:47 - 2014-04-27 22:39 - 00000964 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job
2015-09-12 21:14 - 2015-03-10 19:27 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\vlc
2015-09-12 19:12 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2015-09-10 19:15 - 2015-03-31 13:13 - 02332541 _____ C:\Users\Apps\musixmatch-lyrics.spa
2015-09-09 13:12 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 11:51 - 2009-07-13 21:33 - 00284336 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 11:49 - 2009-07-14 00:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-06 14:47 - 2015-08-22 11:34 - 00000000 ____D C:\ProgramData\TEMP
2015-09-06 14:29 - 2015-08-22 12:49 - 00000955 _____ C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\SAS7_000.DAT
 
==================== Files in the root of some directories =======
 
2015-08-22 12:49 - 2015-09-06 14:29 - 0000955 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\SAS7_000.DAT
2015-01-25 18:42 - 2015-01-26 19:24 - 0000057 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\WB.CFG
 
Some files in TEMP:
====================
C:\Users\Nicolas Chauvin 2.0\AppData\Local\Temp\HitmanPro.exe
C:\Users\Nicolas Chauvin 2.0\AppData\Local\Temp\sqlite3.dll
C:\Users\Nicolas Chauvin 2.0\AppData\Local\Temp\zWXxcl6rn4.exe
C:\Users\Nicolas Chauvin 2.0\AppData\Local\Temp\{47972ABB-E1E0-488C-BA2E-7ADF16B0B808}.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 12:24
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-10-2015
Ran by Nicolas Chauvin 2.0 (2015-10-03 14:58:07)
Running from C:\Users\Nicolas Chauvin 2.0\Documents\Security
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-02-01 23:22:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1908793814-2174131667-131035205-500 - Administrator - Disabled)
Guest (S-1-5-21-1908793814-2174131667-131035205-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1908793814-2174131667-131035205-1002 - Limited - Enabled)
Nicolas Chauvin 2.0 (S-1-5-21-1908793814-2174131667-131035205-1003 - Administrator - Enabled) => C:\Users\Nicolas Chauvin 2.0
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Amazon Kindle) (Version:  - Amazon)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Dasher 4.11 (HKLM\...\{BD8ECD28-2D32-11DF-8D17-000423472618}) (Version: 4.11 - The Dasher Project)
Dragon NaturallySpeaking 13 (HKLM\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FastStone Image Viewer 4.9 (HKLM\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SoulseekQt (HKLM\...\SoulseekQt) (Version:  - )
Spotify (HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
System Requirements Lab for Intel (HKLM\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Yawcam 0.4.1 (HKLM\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
 
==================== Restore Points =========================
 
31-07-2015 11:20:40 Windows Update
04-08-2015 11:41:45 Windows Update
07-08-2015 11:57:29 Windows Update
11-08-2015 14:37:19 Windows Update
11-08-2015 19:32:33 Windows Update
13-08-2015 20:19:39 Windows Update
14-08-2015 13:55:18 Windows Update
18-08-2015 15:11:01 Windows Update
19-08-2015 00:49:07 Windows Update
22-08-2015 11:09:19 Installato Dragon NaturallySpeaking 13.
24-08-2015 00:30:55 Windows Update
24-08-2015 21:02:40 Windows Update
28-08-2015 15:15:11 Windows Update
01-09-2015 11:29:36 Windows Update
04-09-2015 12:29:34 Windows Update
08-09-2015 17:04:59 Windows Update
08-09-2015 20:52:41 Windows Update
09-09-2015 11:39:12 Windows Modules Installer
09-09-2015 11:41:51 Windows Modules Installer
09-09-2015 11:43:04 Windows Modules Installer
15-09-2015 11:56:38 Windows Update
18-09-2015 12:18:08 Windows Update
18-09-2015 13:03:01 Installed Dasher 4.11
22-09-2015 11:29:45 Windows Update
25-09-2015 11:34:14 Windows Update
29-09-2015 12:05:20 Windows Update
02-10-2015 19:18:31 JRT Pre-Junkware Removal
02-10-2015 20:10:04 Checkpoint by HitmanPro
02-10-2015 21:18:57 Zemana AntiMalware 10/2/2015 9:18:56 PM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2D16EC58-843E-4EC3-92A0-F7AF05F1E0D7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {455381DA-73FD-40ED-B62F-17D8A54EBD6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
Task: {4B4D25FC-605B-44D6-84D1-E32E7A83B967} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {75BAC42D-AE73-4584-BF33-E26B65221F0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
Task: {BAE0758B-7E55-4560-ACE9-832601DA56D5} - System32\Tasks\{325CAAEB-EA0E-4A9C-BC9B-60E0D2110F58} => pcalua.exe -a "C:\Users\Nicolas Chauvin 2.0\Downloads\win7_1512754.exe" -d "C:\Users\Nicolas Chauvin 2.0\Downloads"
Task: {C5B9534D-D699-43BD-B9A2-4A8B2BE2FB00} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-01] (Avast Software s.r.o.)
Task: {ECC0DB03-FAC1-417A-A3EA-E8361DCAC522} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {F124AFCA-D217-4648-8A8F-613A2A2C75AC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F923D5AB-F0B9-4E4B-9448-1E2AE1826987} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-01 12:09 - 2015-07-01 12:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-01 12:09 - 2015-07-01 12:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-03 11:18 - 2015-10-03 11:18 - 02966528 _____ () C:\Program Files\AVAST Software\Avast\defs\15100301\algo.dll
2015-07-01 12:09 - 2015-07-01 12:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-10-03 14:50 - 2015-09-23 19:34 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-03 14:50 - 2015-09-23 19:34 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-10-03 14:50 - 2015-09-23 19:34 - 16487752 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7865 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{7DA5F9A7-3ED9-4461-BF37-14F5C7A17766}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C0257C3F-5C44-4AF4-A41D-13E50E1253FD}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2D81C637-A96E-4E56-969F-3EC145BE7032}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D9B83318-8B64-4E92-8C49-51E04B097B5A}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [{74CC395B-2174-40CA-9DAA-5A1209DA8BEC}] => (Allow) C:\Users\Nicolas Chauvin 2.0\Downloads\uTorrent.exe
FirewallRules: [{55A3651B-27F0-45AD-A4D0-93C8E59DAC6B}] => (Allow) C:\Users\Nicolas Chauvin 2.0\Downloads\uTorrent.exe
FirewallRules: [TCP Query User{B3EF1DFE-E1C9-436D-A303-8C21B54381F0}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{7A464496-EBAC-493D-9435-A5982E59ABB9}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [{17221E1A-895C-42D6-B041-2407B2E51011}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{88BC5C3F-43B1-440B-B73F-05EA92D5FD2E}] => (Allow) C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE9A5EFE-AAE1-4FD5-BA50-92FBD4D325ED}] => (Allow) C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDFC59BF-3EB7-416D-9DF3-7204B7B76BE5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F662122A-041A-4ECD-A5AC-F056C90637C7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8D230368-2F7F-489B-A91C-FFAB3075F854}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F3EDBA89-5C93-4DDC-8C2A-505F1248BB44}] => (Allow) LPort=51001
FirewallRules: [{CE56A605-7D8E-4979-8C64-05521B5CF4B1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/02/2015 07:15:30 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (3224) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Nicolas Chauvin 2.0\AppData\Local\Microsoft\Windows\WebCache\V01000FE.log.
 
Error: (10/02/2015 05:30:19 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (10/02/2015 05:26:44 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (10/02/2015 12:07:13 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (10/01/2015 08:24:58 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (10/01/2015 12:26:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (09/30/2015 07:46:49 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (09/29/2015 07:14:03 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (09/28/2015 08:39:09 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (09/28/2015 01:06:26 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
 
System errors:
=============
Error: (10/02/2015 07:19:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:19:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:19:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dragon Logger service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/02/2015 07:19:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dragon Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/02/2015 07:12:26 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (10/02/2015 07:11:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:11:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:11:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dragon Logger service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/02/2015 07:11:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dragon Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/02/2015 07:11:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 46%
Total physical RAM: 2974.93 MB
Available physical RAM: 1577.33 MB
Total Virtual: 5948.16 MB
Available Virtual: 4309.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:285.77 GB) (Free:22.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.12 GB) (Free:2.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E7E8E0A0)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by NumeroUnoCabron, 03 October 2015 - 04:25 PM.


#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Unfortunately, malwaretips gives the same instructions irrespective of what the infection is. Basically, it will throw every single tool at the problem rather than using a targeted approach, in the hope that it will go away.




CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF SelectedSearchEngine: Taplika
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
2015-10-02 20:15 - 2015-02-21 19:17 - 00000000 __SHD C:\Users\Nicolas Chauvin 2.0\AppData\Local\EmieUserList
2015-10-02 20:15 - 2015-02-21 19:17 - 00000000 __SHD C:\Users\Nicolas Chauvin 2.0\AppData\Local\EmieSiteList
2015-10-02 20:15 - 2015-02-21 19:17 - 00000000 __SHD C:\Users\Nicolas Chauvin 2.0\AppData\Local\EmieBrowserModeList
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

#5
NumeroUnoCabron

    New Member

  • Topic Starter
  • Member
  • 5 posts

Thank you for the information.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-10-2015
Ran by Nicolas Chauvin 2.0 (administrator) on SEAN (04-10-2015 13:53:01)
Running from C:\Users\Nicolas Chauvin 2.0\Documents\Security
Loaded Profiles: Nicolas Chauvin 2.0 (Available Profiles: Nicolas Chauvin 2.0)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\loggerservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Spotify Ltd) C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-06] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM\...\Run: [DNS7reminder] => C:\Program Files\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [Spotify Web Helper] => C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-09-21] (Spotify Ltd)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [Google Update] => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\MountPoints2: {c49c2100-1f71-11e5-a841-00269e2d7972} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-02-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-01] (Avast Software s.r.o.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{812FE7BD-8B2D-434D-A4F4-911A87B6A792}: [DhcpNameServer] 192.168.0.1 205.171.2.65
Tcpip\..\Interfaces\{E3FF2110-CF1F-43FF-9E7B-B0C35D7E061D}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1908793814-2174131667-131035205-1003 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = 
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2015-04-20] (Nuance Communications, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-05] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default
FF SelectedSearchEngine: Taplika
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: nuance.com/DgnRia2 -> C:\Program Files\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2015-04-20] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @talk.google.com/O1DPlugin -> C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: turkopticon - C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default\Extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi [2014-05-21]
FF Extension: Greasemonkey - C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-05-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
 
Chrome: 
=======
CHR Profile: C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-03]
CHR Extension: (Google Docs) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-03]
CHR Extension: (Google Drive) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-03]
CHR Extension: (YouTube) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (uBlock Origin) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-10-03]
CHR Extension: (Google Search) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-03]
CHR Extension: (Google Sheets) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-03]
CHR Extension: (Google Docs Offline) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-03]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-10-03]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-10-03]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-10-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-03]
CHR Extension: (Gmail) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-07-01] (Avast Software)
R2 DragonLoggerService; C:\Program Files\Common Files\Nuance\loggerservice.exe [151616 2015-04-20] (Nuance Communications, Inc.)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [339008 2015-04-20] (Nuance Communications, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-07-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 NETw1v32; C:\Windows\System32\DRIVERS\NETw1v32.sys [5958656 2009-07-20] (Intel Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-01] (Avast Software)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-03 14:52 - 2015-10-03 14:52 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-03 14:50 - 2015-10-04 12:59 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-03 14:50 - 2015-10-03 23:55 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-03 14:50 - 2015-10-03 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-03 14:49 - 2015-10-03 14:50 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Deployment
2015-10-03 14:49 - 2015-10-03 14:49 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Apps\2.0
2015-10-03 14:47 - 2015-10-04 12:58 - 00000632 _____ C:\Windows\PFRO.log
2015-10-03 14:47 - 2015-10-04 12:58 - 00000224 _____ C:\Windows\setupact.log
2015-10-03 14:47 - 2015-10-03 14:47 - 00000000 _____ C:\Windows\setuperr.log
2015-10-03 14:43 - 2015-10-03 14:43 - 00416599 _____ C:\Users\Nicolas Chauvin 2.0\Documents\bookmarks_10_3_15.html
2015-10-03 14:33 - 2015-10-03 14:33 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Nicolas Chauvin 2.0\Downloads\tdsskiller.exe
2015-10-03 14:05 - 2015-10-04 13:52 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Documents\Security
2015-10-02 20:20 - 2015-10-03 14:47 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2015-10-02 20:19 - 2015-10-02 20:20 - 05078968 _____ ( ) C:\Users\Nicolas Chauvin 2.0\Downloads\Zemana.AntiMalware.Setup.exe
2015-10-02 20:19 - 2015-10-02 20:19 - 05078968 _____ ( ) C:\Users\Nicolas Chauvin 2.0\Downloads\Zemana.AntiMalware.Setup (1).exe
2015-10-02 20:19 - 2015-10-02 20:19 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Zemana
2015-10-02 20:03 - 2015-10-02 20:11 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-02 19:59 - 2015-10-02 20:03 - 10367880 _____ (SurfRight B.V.) C:\Users\Nicolas Chauvin 2.0\Downloads\HitmanPro.exe
2015-10-02 19:17 - 2015-10-02 19:17 - 01801288 _____ (Malwarebytes) C:\Users\Nicolas Chauvin 2.0\Downloads\JRT.exe
2015-10-02 19:10 - 2015-10-02 19:11 - 00000000 ____D C:\AdwCleaner
2015-10-02 19:04 - 2015-10-02 19:04 - 01670656 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\adwcleaner_5.009.exe
2015-10-02 18:19 - 2015-10-04 13:53 - 00000000 ____D C:\FRST
2015-10-02 18:19 - 2015-10-02 18:19 - 01696256 _____ (Farbar) C:\Users\Nicolas Chauvin 2.0\Downloads\FRST.exe
2015-10-02 17:41 - 2015-10-02 17:41 - 00388608 _____ (Trend Micro Inc.) C:\Users\Nicolas Chauvin 2.0\Downloads\HijackThis (1).exe
2015-10-02 17:36 - 2015-10-02 17:36 - 00055104 _____ C:\Users\Nicolas Chauvin 2.0\Documents\cc_20151002_173616.reg
2015-09-23 15:49 - 2015-09-23 15:49 - 00019041 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Graphs.xlsx.xlsx
2015-09-23 15:48 - 2015-09-23 15:48 - 00012093 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Instructions_Graph (1).xlsx
2015-09-22 19:39 - 2015-09-22 19:39 - 00005969 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Whatever (1).xlsx
2015-09-22 19:37 - 2015-09-22 19:37 - 00005969 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Whatever.xlsx
2015-09-18 16:00 - 2015-09-18 16:00 - 00012093 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Instructions_Graph.xlsx
2015-09-18 13:04 - 2015-09-18 19:10 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\dasher.rc
2015-09-18 13:03 - 2015-09-18 13:03 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dasher 4.11
2015-09-18 13:03 - 2015-09-18 13:03 - 00000000 ____D C:\Program Files\Dasher
2015-09-18 12:58 - 2015-09-18 12:59 - 09722076 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Dasher 4.11.msi
2015-09-08 17:16 - 2015-08-05 10:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 17:16 - 2015-08-05 10:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 17:16 - 2015-08-05 10:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 17:16 - 2015-08-04 10:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 17:16 - 2015-08-04 10:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 17:16 - 2015-08-04 10:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 17:16 - 2015-08-04 10:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 17:16 - 2015-08-04 10:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 17:16 - 2015-08-04 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 17:15 - 2015-09-01 19:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 17:15 - 2015-09-01 19:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 17:15 - 2015-09-01 19:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 17:15 - 2015-09-01 19:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 17:15 - 2015-09-01 18:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 17:15 - 2015-09-01 18:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 17:15 - 2015-08-26 10:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 17:15 - 2015-08-26 10:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 17:15 - 2015-08-26 10:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 17:15 - 2015-08-26 10:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 17:15 - 2015-08-17 18:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 17:15 - 2015-08-14 23:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 17:15 - 2015-08-14 22:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 17:15 - 2015-08-14 22:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-08 17:15 - 2015-08-14 22:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 17:15 - 2015-08-14 22:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-08 17:15 - 2015-08-14 22:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 17:15 - 2015-08-14 22:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-08 17:15 - 2015-08-14 22:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-08 17:15 - 2015-08-14 22:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 17:15 - 2015-08-14 22:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 17:15 - 2015-08-14 22:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-08 17:15 - 2015-08-14 22:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 17:15 - 2015-08-14 22:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 17:15 - 2015-08-14 22:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-08 17:15 - 2015-08-14 22:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 17:15 - 2015-08-14 22:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-08 17:15 - 2015-08-14 22:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-08 17:15 - 2015-08-14 22:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 17:15 - 2015-08-14 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-08 17:15 - 2015-08-14 22:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-08 17:15 - 2015-08-14 22:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 17:15 - 2015-08-14 22:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 17:15 - 2015-08-14 22:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 17:15 - 2015-08-14 22:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 17:15 - 2015-08-14 22:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 17:15 - 2015-08-14 22:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 17:15 - 2015-08-14 22:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 17:15 - 2015-08-14 22:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-08 17:15 - 2015-08-14 21:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 17:15 - 2015-08-14 21:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 17:15 - 2015-08-14 21:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-08 17:15 - 2015-07-14 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-04 13:08 - 2014-02-01 17:55 - 01845962 _____ C:\Windows\WindowsUpdate.log
2015-10-04 12:58 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-04 00:01 - 2009-07-13 21:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-04 00:01 - 2009-07-13 21:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-03 21:12 - 2014-05-26 00:07 - 00000984 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job
2015-10-03 14:51 - 2014-02-16 11:58 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google
2015-10-03 14:50 - 2014-02-14 15:04 - 00000000 ____D C:\Program Files\Google
2015-10-03 11:52 - 2014-04-27 22:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job
2015-10-02 21:19 - 2015-01-19 15:29 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Downloads\backups
2015-10-02 21:19 - 2014-02-16 11:52 - 00000930 _____ C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-02 20:15 - 2015-02-21 19:17 - 00000000 __SHD C:\Users\Nicolas Chauvin 2.0\AppData\Local\EmieUserList
2015-10-02 20:15 - 2015-02-21 19:17 - 00000000 __SHD C:\Users\Nicolas Chauvin 2.0\AppData\Local\EmieSiteList
2015-10-02 20:15 - 2015-02-21 19:17 - 00000000 __SHD C:\Users\Nicolas Chauvin 2.0\AppData\Local\EmieBrowserModeList
2015-10-02 19:28 - 2015-01-19 15:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-02 17:38 - 2015-01-19 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-02 17:38 - 2015-01-19 15:47 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-02 17:28 - 2015-01-19 16:10 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-02 17:28 - 2014-02-23 14:51 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\uTorrent
2015-10-02 17:26 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-10-02 17:14 - 2015-08-20 18:39 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Desktop\Statistics
2015-10-01 19:00 - 2014-02-16 12:12 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Spotify
2015-10-01 18:28 - 2014-02-16 12:12 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Spotify
2015-09-30 19:11 - 2015-09-01 19:41 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Desktop\Intro to Social Work
2015-09-30 01:14 - 2014-05-26 00:07 - 00000962 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job
2015-09-29 17:54 - 2015-08-22 16:28 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Desktop\Social Work Philosophy
2015-09-18 16:47 - 2014-02-16 11:52 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\VirtualStore
2015-09-17 16:28 - 2015-08-22 22:24 - 00378993 _____ C:\Users\Apps\creator-about-modals.spa
2015-09-17 16:28 - 2015-08-11 13:56 - 01867297 _____ C:\Users\Apps\musixmatch-lyrics-cp.spa
2015-09-17 16:28 - 2015-08-11 13:56 - 00449780 _____ C:\Users\snapshot_blob.bin
2015-09-17 16:28 - 2015-08-11 13:56 - 00410937 _____ C:\Users\natives_blob.bin
2015-09-17 16:28 - 2015-05-27 20:29 - 00607382 _____ C:\Users\Apps\local-files-desktop.spa
2015-09-17 16:28 - 2015-05-13 12:31 - 00195849 _____ C:\Users\Apps\hub.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 45067320 _____ C:\Users\libcef.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 10207504 _____ C:\Users\icudtl.dat
2015-09-17 16:28 - 2015-03-31 13:13 - 07535672 _____ (Spotify Ltd) C:\Users\Spotify.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 04487782 _____ C:\Users\devtools_resources.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 03457592 _____ (Microsoft Corporation) C:\Users\d3dcompiler_47.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 02184260 _____ C:\Users\cef.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 02157553 _____ C:\Users\Apps\glue-resources.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 02106424 _____ (Microsoft Corporation) C:\Users\d3dcompiler_43.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 02018360 _____ (Spotify Ltd) C:\Users\SpotifyWebHelper.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 01649208 _____ C:\Users\libGLESv2.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 00967736 _____ (The Chromium Authors) C:\Users\ffmpegsumo.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 00900495 _____ C:\Users\Apps\zlink.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00839224 _____ (Spotify Ltd) C:\Users\SpotifyCrashService.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 00768038 _____ C:\Users\Apps\playlist-desktop.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00761075 _____ C:\Users\Apps\artist.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00750083 _____ C:\Users\Apps\browse.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00622967 _____ C:\Users\cef_200_percent.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 00555515 _____ C:\Users\Apps\genre.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00549988 _____ C:\Users\Apps\notification-center.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00538456 _____ C:\Users\Apps\settings.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00528578 _____ C:\Users\Apps\collection.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00520851 _____ C:\Users\Apps\collection-artist.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00520120 _____ C:\Users\Apps\discover.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00488825 _____ C:\Users\Apps\album.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00487229 _____ C:\Users\Apps\article.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00478891 _____ C:\Users\Apps\messages.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00468951 _____ C:\Users\cef_100_percent.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 00466223 _____ C:\Users\Apps\collection-album.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00456502 _____ C:\Users\Apps\social-feed.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00453236 _____ C:\Users\Apps\charts.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00398127 _____ C:\Users\Apps\zlogin.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00395528 _____ C:\Users\Apps\collection-songs.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00387716 _____ C:\Users\Apps\social-chart.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00369607 _____ C:\Users\Apps\buddy-list.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00336806 _____ C:\Users\Apps\radio.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00321096 _____ C:\Users\Apps\chart.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00285977 _____ C:\Users\Apps\folder.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00277789 _____ C:\Users\Apps\share.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00261124 _____ C:\Users\Apps\zlink-queue.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00246967 _____ C:\Users\Apps\profile.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00236915 _____ C:\Users\Apps\search.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00218391 _____ C:\Users\Apps\findfriends.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00186702 _____ C:\Users\Apps\suggest.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00158229 _____ C:\Users\Apps\follow.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00098360 _____ (Spotify Ltd) C:\Users\SpotifyLauncher.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 00088762 _____ C:\Users\Apps\about.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00080952 _____ C:\Users\libEGL.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 00078348 _____ C:\Users\Apps\error.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00073272 _____ C:\Users\wow_helper.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 00053462 _____ C:\Users\Apps\ad.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00050934 _____ C:\Users\Apps\licenses.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00014086 _____ C:\Users\locales\en-US.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 00009273 _____ C:\Users\locales\el.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00008384 _____ C:\Users\locales\ru.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00008121 _____ C:\Users\locales\ja.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007783 _____ C:\Users\locales\fr-CA.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007735 _____ C:\Users\locales\hu.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007669 _____ C:\Users\locales\pl.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007662 _____ C:\Users\locales\fr.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007627 _____ C:\Users\locales\fi.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007542 _____ C:\Users\locales\es-419.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007515 _____ C:\Users\locales\nl.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007499 _____ C:\Users\locales\es.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007490 _____ C:\Users\locales\de.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007475 _____ C:\Users\locales\it.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007461 _____ C:\Users\locales\tr.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007404 _____ C:\Users\locales\zsm.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007402 _____ C:\Users\locales\pt-BR.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007385 _____ C:\Users\locales\sv.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007290 _____ C:\Users\locales\zh-Hant.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007133 _____ C:\Users\locales\arb.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007062 _____ C:\Users\locales\en.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00000020 _____ C:\Users\inst_ver.dat
2015-09-17 16:28 - 2015-03-31 13:13 - 00000000 ____D C:\Users\locales
2015-09-17 16:28 - 2015-03-31 13:13 - 00000000 _____ C:\Users\Nicolas.redir
2015-09-14 11:47 - 2014-04-27 22:39 - 00000964 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job
2015-09-12 21:14 - 2015-03-10 19:27 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\vlc
2015-09-12 19:12 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2015-09-10 19:15 - 2015-03-31 13:13 - 02332541 _____ C:\Users\Apps\musixmatch-lyrics.spa
2015-09-09 13:12 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 11:51 - 2009-07-13 21:33 - 00284336 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 11:49 - 2009-07-14 00:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-06 14:47 - 2015-08-22 11:34 - 00000000 ____D C:\ProgramData\TEMP
2015-09-06 14:29 - 2015-08-22 12:49 - 00000955 _____ C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\SAS7_000.DAT
 
==================== Files in the root of some directories =======
 
2015-08-22 12:49 - 2015-09-06 14:29 - 0000955 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\SAS7_000.DAT
2015-01-25 18:42 - 2015-01-26 19:24 - 0000057 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\WB.CFG
 
Some files in TEMP:
====================
C:\Users\Nicolas Chauvin 2.0\AppData\Local\Temp\HitmanPro.exe
C:\Users\Nicolas Chauvin 2.0\AppData\Local\Temp\sqlite3.dll
C:\Users\Nicolas Chauvin 2.0\AppData\Local\Temp\zWXxcl6rn4.exe
C:\Users\Nicolas Chauvin 2.0\AppData\Local\Temp\{47972ABB-E1E0-488C-BA2E-7ADF16B0B808}.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 12:24
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:04-10-2015
Ran by Nicolas Chauvin 2.0 (2015-10-04 13:54:00)
Running from C:\Users\Nicolas Chauvin 2.0\Documents\Security
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-02-01 23:22:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1908793814-2174131667-131035205-500 - Administrator - Disabled)
Guest (S-1-5-21-1908793814-2174131667-131035205-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1908793814-2174131667-131035205-1002 - Limited - Enabled)
Nicolas Chauvin 2.0 (S-1-5-21-1908793814-2174131667-131035205-1003 - Administrator - Enabled) => C:\Users\Nicolas Chauvin 2.0
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Amazon Kindle) (Version:  - Amazon)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Dasher 4.11 (HKLM\...\{BD8ECD28-2D32-11DF-8D17-000423472618}) (Version: 4.11 - The Dasher Project)
Dragon NaturallySpeaking 13 (HKLM\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FastStone Image Viewer 4.9 (HKLM\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SoulseekQt (HKLM\...\SoulseekQt) (Version:  - )
Spotify (HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
System Requirements Lab for Intel (HKLM\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Yawcam 0.4.1 (HKLM\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
 
==================== Restore Points =========================
 
31-07-2015 11:20:40 Windows Update
04-08-2015 11:41:45 Windows Update
07-08-2015 11:57:29 Windows Update
11-08-2015 14:37:19 Windows Update
11-08-2015 19:32:33 Windows Update
13-08-2015 20:19:39 Windows Update
14-08-2015 13:55:18 Windows Update
18-08-2015 15:11:01 Windows Update
19-08-2015 00:49:07 Windows Update
22-08-2015 11:09:19 Installato Dragon NaturallySpeaking 13.
24-08-2015 00:30:55 Windows Update
24-08-2015 21:02:40 Windows Update
28-08-2015 15:15:11 Windows Update
01-09-2015 11:29:36 Windows Update
04-09-2015 12:29:34 Windows Update
08-09-2015 17:04:59 Windows Update
08-09-2015 20:52:41 Windows Update
09-09-2015 11:39:12 Windows Modules Installer
09-09-2015 11:41:51 Windows Modules Installer
09-09-2015 11:43:04 Windows Modules Installer
15-09-2015 11:56:38 Windows Update
18-09-2015 12:18:08 Windows Update
18-09-2015 13:03:01 Installed Dasher 4.11
22-09-2015 11:29:45 Windows Update
25-09-2015 11:34:14 Windows Update
29-09-2015 12:05:20 Windows Update
02-10-2015 19:18:31 JRT Pre-Junkware Removal
02-10-2015 20:10:04 Checkpoint by HitmanPro
02-10-2015 21:18:57 Zemana AntiMalware 10/2/2015 9:18:56 PM
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2D16EC58-843E-4EC3-92A0-F7AF05F1E0D7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {455381DA-73FD-40ED-B62F-17D8A54EBD6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
Task: {4B4D25FC-605B-44D6-84D1-E32E7A83B967} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {75BAC42D-AE73-4584-BF33-E26B65221F0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
Task: {BAE0758B-7E55-4560-ACE9-832601DA56D5} - System32\Tasks\{325CAAEB-EA0E-4A9C-BC9B-60E0D2110F58} => pcalua.exe -a "C:\Users\Nicolas Chauvin 2.0\Downloads\win7_1512754.exe" -d "C:\Users\Nicolas Chauvin 2.0\Downloads"
Task: {C5B9534D-D699-43BD-B9A2-4A8B2BE2FB00} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-01] (Avast Software s.r.o.)
Task: {ECC0DB03-FAC1-417A-A3EA-E8361DCAC522} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {F124AFCA-D217-4648-8A8F-613A2A2C75AC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F923D5AB-F0B9-4E4B-9448-1E2AE1826987} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-01 12:09 - 2015-07-01 12:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-01 12:09 - 2015-07-01 12:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-03 11:18 - 2015-10-03 11:18 - 02966528 _____ () C:\Program Files\AVAST Software\Avast\defs\15100301\algo.dll
2015-10-04 12:58 - 2015-10-04 12:58 - 02966528 _____ () C:\Program Files\AVAST Software\Avast\defs\15100401\algo.dll
2015-07-01 12:09 - 2015-07-01 12:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-10-03 14:50 - 2015-09-23 19:34 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-03 14:50 - 2015-09-23 19:34 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 7865 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{7DA5F9A7-3ED9-4461-BF37-14F5C7A17766}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C0257C3F-5C44-4AF4-A41D-13E50E1253FD}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2D81C637-A96E-4E56-969F-3EC145BE7032}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D9B83318-8B64-4E92-8C49-51E04B097B5A}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [{74CC395B-2174-40CA-9DAA-5A1209DA8BEC}] => (Allow) C:\Users\Nicolas Chauvin 2.0\Downloads\uTorrent.exe
FirewallRules: [{55A3651B-27F0-45AD-A4D0-93C8E59DAC6B}] => (Allow) C:\Users\Nicolas Chauvin 2.0\Downloads\uTorrent.exe
FirewallRules: [TCP Query User{B3EF1DFE-E1C9-436D-A303-8C21B54381F0}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{7A464496-EBAC-493D-9435-A5982E59ABB9}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [{17221E1A-895C-42D6-B041-2407B2E51011}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{88BC5C3F-43B1-440B-B73F-05EA92D5FD2E}] => (Allow) C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE9A5EFE-AAE1-4FD5-BA50-92FBD4D325ED}] => (Allow) C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDFC59BF-3EB7-416D-9DF3-7204B7B76BE5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F662122A-041A-4ECD-A5AC-F056C90637C7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8D230368-2F7F-489B-A91C-FFAB3075F854}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F3EDBA89-5C93-4DDC-8C2A-505F1248BB44}] => (Allow) LPort=51001
FirewallRules: [{CE56A605-7D8E-4979-8C64-05521B5CF4B1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/03/2015 05:46:30 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (10/02/2015 07:15:30 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (3224) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Nicolas Chauvin 2.0\AppData\Local\Microsoft\Windows\WebCache\V01000FE.log.
 
Error: (10/02/2015 05:30:19 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (10/02/2015 05:26:44 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (10/02/2015 12:07:13 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (10/01/2015 08:24:58 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (10/01/2015 12:26:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (09/30/2015 07:46:49 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (09/29/2015 07:14:03 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (09/28/2015 08:39:09 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
 
System errors:
=============
Error: (10/02/2015 07:19:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:19:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:19:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dragon Logger service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/02/2015 07:19:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dragon Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/02/2015 07:12:26 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (10/02/2015 07:11:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:11:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:11:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dragon Logger service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/02/2015 07:11:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dragon Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/02/2015 07:11:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 46%
Total physical RAM: 2974.93 MB
Available physical RAM: 1599.77 MB
Total Virtual: 5948.16 MB
Available Virtual: 4299.38 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:285.77 GB) (Free:21.79 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.12 GB) (Free:2.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E7E8E0A0)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6
NumeroUnoCabron


Please ignore the previous logs. These are the up-to-date logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-10-2015
Ran by Nicolas Chauvin 2.0 (administrator) on SEAN (04-10-2015 14:54:52)
Running from C:\Users\Nicolas Chauvin 2.0\Documents\Security
Loaded Profiles: Nicolas Chauvin 2.0 (Available Profiles: Nicolas Chauvin 2.0)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\loggerservice.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Spotify Ltd) C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-07-06] (Avast Software s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM\...\Run: [DNS7reminder] => C:\Program Files\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [Spotify Web Helper] => C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-09-21] (Spotify Ltd)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [Google Update] => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\MountPoints2: {c49c2100-1f71-11e5-a841-00269e2d7972} - G:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-02-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-01] (Avast Software s.r.o.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{812FE7BD-8B2D-434D-A4F4-911A87B6A792}: [DhcpNameServer] 192.168.0.1 205.171.2.65
Tcpip\..\Interfaces\{E3FF2110-CF1F-43FF-9E7B-B0C35D7E061D}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1908793814-2174131667-131035205-1003 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = 
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2015-04-20] (Nuance Communications, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-05] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-03-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-03] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: nuance.com/DgnRia2 -> C:\Program Files\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2015-04-20] (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @talk.google.com/O1DPlugin -> C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-1908793814-2174131667-131035205-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: turkopticon - C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default\Extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi [2014-05-21]
FF Extension: Greasemonkey - C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Mozilla\Firefox\Profiles\3v5gf8jo.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-05-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF => not found
 
Chrome: 
=======
CHR Profile: C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-03]
CHR Extension: (Google Docs) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-03]
CHR Extension: (Google Drive) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-03]
CHR Extension: (YouTube) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-03]
CHR Extension: (uBlock Origin) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-10-03]
CHR Extension: (Google Search) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-03]
CHR Extension: (Google Sheets) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-03]
CHR Extension: (Google Docs Offline) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-03]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-10-03]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-10-03]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-10-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-03]
CHR Extension: (Gmail) - C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-07-01] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-07-01] (Avast Software)
R2 DragonLoggerService; C:\Program Files\Common Files\Nuance\loggerservice.exe [151616 2015-04-20] (Nuance Communications, Inc.)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [339008 2015-04-20] (Nuance Communications, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-07-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-07-01] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-07-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-07-01] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [428120 2015-07-06] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-07-01] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 NETw1v32; C:\Windows\System32\DRIVERS\NETw1v32.sys [5958656 2009-07-20] (Intel Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-01] (Avast Software)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-04 14:43 - 2015-10-04 14:43 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-10-03 14:52 - 2015-10-03 14:52 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-03 14:50 - 2015-10-04 14:55 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-03 14:50 - 2015-10-04 14:55 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-03 14:50 - 2015-10-03 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-03 14:49 - 2015-10-03 14:50 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Deployment
2015-10-03 14:49 - 2015-10-03 14:49 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Apps\2.0
2015-10-03 14:47 - 2015-10-04 14:43 - 00000966 _____ C:\Windows\PFRO.log
2015-10-03 14:47 - 2015-10-04 14:43 - 00000280 _____ C:\Windows\setupact.log
2015-10-03 14:47 - 2015-10-03 14:47 - 00000000 _____ C:\Windows\setuperr.log
2015-10-03 14:43 - 2015-10-03 14:43 - 00416599 _____ C:\Users\Nicolas Chauvin 2.0\Documents\bookmarks_10_3_15.html
2015-10-03 14:33 - 2015-10-03 14:33 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Nicolas Chauvin 2.0\Downloads\tdsskiller.exe
2015-10-03 14:05 - 2015-10-04 14:42 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Documents\Security
2015-10-02 20:20 - 2015-10-03 14:47 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2015-10-02 20:19 - 2015-10-02 20:20 - 05078968 _____ ( ) C:\Users\Nicolas Chauvin 2.0\Downloads\Zemana.AntiMalware.Setup.exe
2015-10-02 20:19 - 2015-10-02 20:19 - 05078968 _____ ( ) C:\Users\Nicolas Chauvin 2.0\Downloads\Zemana.AntiMalware.Setup (1).exe
2015-10-02 20:19 - 2015-10-02 20:19 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Zemana
2015-10-02 20:03 - 2015-10-02 20:11 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-02 19:59 - 2015-10-02 20:03 - 10367880 _____ (SurfRight B.V.) C:\Users\Nicolas Chauvin 2.0\Downloads\HitmanPro.exe
2015-10-02 19:17 - 2015-10-02 19:17 - 01801288 _____ (Malwarebytes) C:\Users\Nicolas Chauvin 2.0\Downloads\JRT.exe
2015-10-02 19:10 - 2015-10-02 19:11 - 00000000 ____D C:\AdwCleaner
2015-10-02 19:04 - 2015-10-02 19:04 - 01670656 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\adwcleaner_5.009.exe
2015-10-02 18:19 - 2015-10-04 14:54 - 00000000 ____D C:\FRST
2015-10-02 18:19 - 2015-10-02 18:19 - 01696256 _____ (Farbar) C:\Users\Nicolas Chauvin 2.0\Downloads\FRST.exe
2015-10-02 17:41 - 2015-10-02 17:41 - 00388608 _____ (Trend Micro Inc.) C:\Users\Nicolas Chauvin 2.0\Downloads\HijackThis (1).exe
2015-10-02 17:36 - 2015-10-02 17:36 - 00055104 _____ C:\Users\Nicolas Chauvin 2.0\Documents\cc_20151002_173616.reg
2015-09-23 15:49 - 2015-09-23 15:49 - 00019041 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Graphs.xlsx.xlsx
2015-09-23 15:48 - 2015-09-23 15:48 - 00012093 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Instructions_Graph (1).xlsx
2015-09-22 19:39 - 2015-09-22 19:39 - 00005969 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Whatever (1).xlsx
2015-09-22 19:37 - 2015-09-22 19:37 - 00005969 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Whatever.xlsx
2015-09-18 16:00 - 2015-09-18 16:00 - 00012093 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Instructions_Graph.xlsx
2015-09-18 13:04 - 2015-09-18 19:10 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\dasher.rc
2015-09-18 13:03 - 2015-09-18 13:03 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dasher 4.11
2015-09-18 13:03 - 2015-09-18 13:03 - 00000000 ____D C:\Program Files\Dasher
2015-09-18 12:58 - 2015-09-18 12:59 - 09722076 _____ C:\Users\Nicolas Chauvin 2.0\Downloads\Dasher 4.11.msi
2015-09-08 17:16 - 2015-08-05 10:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 17:16 - 2015-08-05 10:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 17:16 - 2015-08-05 10:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 17:16 - 2015-08-04 10:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 17:16 - 2015-08-04 10:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 17:16 - 2015-08-04 10:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 17:16 - 2015-08-04 10:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 17:16 - 2015-08-04 10:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 17:16 - 2015-08-04 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 17:15 - 2015-09-01 19:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 17:15 - 2015-09-01 19:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 17:15 - 2015-09-01 19:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 17:15 - 2015-09-01 19:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 17:15 - 2015-09-01 18:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 17:15 - 2015-09-01 18:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-08 17:15 - 2015-08-26 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-08 17:15 - 2015-08-26 10:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-08 17:15 - 2015-08-26 10:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-08 17:15 - 2015-08-26 10:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-08 17:15 - 2015-08-26 10:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-08 17:15 - 2015-08-17 18:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 17:15 - 2015-08-14 23:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 17:15 - 2015-08-14 22:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 17:15 - 2015-08-14 22:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-08 17:15 - 2015-08-14 22:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 17:15 - 2015-08-14 22:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-08 17:15 - 2015-08-14 22:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 17:15 - 2015-08-14 22:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-08 17:15 - 2015-08-14 22:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-08 17:15 - 2015-08-14 22:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 17:15 - 2015-08-14 22:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 17:15 - 2015-08-14 22:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-08 17:15 - 2015-08-14 22:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 17:15 - 2015-08-14 22:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 17:15 - 2015-08-14 22:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-08 17:15 - 2015-08-14 22:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 17:15 - 2015-08-14 22:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-08 17:15 - 2015-08-14 22:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-08 17:15 - 2015-08-14 22:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 17:15 - 2015-08-14 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-08 17:15 - 2015-08-14 22:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-08 17:15 - 2015-08-14 22:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 17:15 - 2015-08-14 22:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 17:15 - 2015-08-14 22:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 17:15 - 2015-08-14 22:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 17:15 - 2015-08-14 22:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 17:15 - 2015-08-14 22:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 17:15 - 2015-08-14 22:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 17:15 - 2015-08-14 22:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-08 17:15 - 2015-08-14 21:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 17:15 - 2015-08-14 21:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 17:15 - 2015-08-14 21:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-08 17:15 - 2015-07-14 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-04 14:47 - 2014-02-01 17:55 - 01867681 _____ C:\Windows\WindowsUpdate.log
2015-10-04 14:43 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-04 14:42 - 2009-07-13 21:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-04 14:42 - 2009-07-13 21:34 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-04 14:41 - 2014-03-30 17:04 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\LocalLow\Temp
2015-10-04 14:41 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-10-03 21:12 - 2014-05-26 00:07 - 00000984 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job
2015-10-03 14:51 - 2014-02-16 11:58 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google
2015-10-03 14:50 - 2014-02-14 15:04 - 00000000 ____D C:\Program Files\Google
2015-10-03 11:52 - 2014-04-27 22:39 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job
2015-10-02 21:19 - 2015-01-19 15:29 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Downloads\backups
2015-10-02 21:19 - 2014-02-16 11:52 - 00000930 _____ C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-02 19:28 - 2015-01-19 15:47 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-02 17:38 - 2015-01-19 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-02 17:38 - 2015-01-19 15:47 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-02 17:28 - 2015-01-19 16:10 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-10-02 17:28 - 2014-02-23 14:51 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\uTorrent
2015-10-02 17:14 - 2015-08-20 18:39 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Desktop\Statistics
2015-10-01 19:00 - 2014-02-16 12:12 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\Spotify
2015-10-01 18:28 - 2014-02-16 12:12 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\Spotify
2015-09-30 19:11 - 2015-09-01 19:41 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Desktop\Intro to Social Work
2015-09-30 01:14 - 2014-05-26 00:07 - 00000962 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job
2015-09-29 17:54 - 2015-08-22 16:28 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\Desktop\Social Work Philosophy
2015-09-18 16:47 - 2014-02-16 11:52 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Local\VirtualStore
2015-09-17 16:28 - 2015-08-22 22:24 - 00378993 _____ C:\Users\Apps\creator-about-modals.spa
2015-09-17 16:28 - 2015-08-11 13:56 - 01867297 _____ C:\Users\Apps\musixmatch-lyrics-cp.spa
2015-09-17 16:28 - 2015-08-11 13:56 - 00449780 _____ C:\Users\snapshot_blob.bin
2015-09-17 16:28 - 2015-08-11 13:56 - 00410937 _____ C:\Users\natives_blob.bin
2015-09-17 16:28 - 2015-05-27 20:29 - 00607382 _____ C:\Users\Apps\local-files-desktop.spa
2015-09-17 16:28 - 2015-05-13 12:31 - 00195849 _____ C:\Users\Apps\hub.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 45067320 _____ C:\Users\libcef.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 10207504 _____ C:\Users\icudtl.dat
2015-09-17 16:28 - 2015-03-31 13:13 - 07535672 _____ (Spotify Ltd) C:\Users\Spotify.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 04487782 _____ C:\Users\devtools_resources.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 03457592 _____ (Microsoft Corporation) C:\Users\d3dcompiler_47.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 02184260 _____ C:\Users\cef.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 02157553 _____ C:\Users\Apps\glue-resources.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 02106424 _____ (Microsoft Corporation) C:\Users\d3dcompiler_43.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 02018360 _____ (Spotify Ltd) C:\Users\SpotifyWebHelper.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 01649208 _____ C:\Users\libGLESv2.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 00967736 _____ (The Chromium Authors) C:\Users\ffmpegsumo.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 00900495 _____ C:\Users\Apps\zlink.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00839224 _____ (Spotify Ltd) C:\Users\SpotifyCrashService.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 00768038 _____ C:\Users\Apps\playlist-desktop.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00761075 _____ C:\Users\Apps\artist.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00750083 _____ C:\Users\Apps\browse.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00622967 _____ C:\Users\cef_200_percent.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 00555515 _____ C:\Users\Apps\genre.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00549988 _____ C:\Users\Apps\notification-center.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00538456 _____ C:\Users\Apps\settings.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00528578 _____ C:\Users\Apps\collection.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00520851 _____ C:\Users\Apps\collection-artist.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00520120 _____ C:\Users\Apps\discover.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00488825 _____ C:\Users\Apps\album.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00487229 _____ C:\Users\Apps\article.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00478891 _____ C:\Users\Apps\messages.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00468951 _____ C:\Users\cef_100_percent.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 00466223 _____ C:\Users\Apps\collection-album.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00456502 _____ C:\Users\Apps\social-feed.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00453236 _____ C:\Users\Apps\charts.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00398127 _____ C:\Users\Apps\zlogin.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00395528 _____ C:\Users\Apps\collection-songs.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00387716 _____ C:\Users\Apps\social-chart.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00369607 _____ C:\Users\Apps\buddy-list.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00336806 _____ C:\Users\Apps\radio.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00321096 _____ C:\Users\Apps\chart.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00285977 _____ C:\Users\Apps\folder.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00277789 _____ C:\Users\Apps\share.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00261124 _____ C:\Users\Apps\zlink-queue.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00246967 _____ C:\Users\Apps\profile.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00236915 _____ C:\Users\Apps\search.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00218391 _____ C:\Users\Apps\findfriends.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00186702 _____ C:\Users\Apps\suggest.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00158229 _____ C:\Users\Apps\follow.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00098360 _____ (Spotify Ltd) C:\Users\SpotifyLauncher.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 00088762 _____ C:\Users\Apps\about.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00080952 _____ C:\Users\libEGL.dll
2015-09-17 16:28 - 2015-03-31 13:13 - 00078348 _____ C:\Users\Apps\error.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00073272 _____ C:\Users\wow_helper.exe
2015-09-17 16:28 - 2015-03-31 13:13 - 00053462 _____ C:\Users\Apps\ad.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00050934 _____ C:\Users\Apps\licenses.spa
2015-09-17 16:28 - 2015-03-31 13:13 - 00014086 _____ C:\Users\locales\en-US.pak
2015-09-17 16:28 - 2015-03-31 13:13 - 00009273 _____ C:\Users\locales\el.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00008384 _____ C:\Users\locales\ru.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00008121 _____ C:\Users\locales\ja.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007783 _____ C:\Users\locales\fr-CA.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007735 _____ C:\Users\locales\hu.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007669 _____ C:\Users\locales\pl.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007662 _____ C:\Users\locales\fr.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007627 _____ C:\Users\locales\fi.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007542 _____ C:\Users\locales\es-419.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007515 _____ C:\Users\locales\nl.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007499 _____ C:\Users\locales\es.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007490 _____ C:\Users\locales\de.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007475 _____ C:\Users\locales\it.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007461 _____ C:\Users\locales\tr.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007404 _____ C:\Users\locales\zsm.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007402 _____ C:\Users\locales\pt-BR.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007385 _____ C:\Users\locales\sv.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007290 _____ C:\Users\locales\zh-Hant.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007133 _____ C:\Users\locales\arb.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00007062 _____ C:\Users\locales\en.mo
2015-09-17 16:28 - 2015-03-31 13:13 - 00000020 _____ C:\Users\inst_ver.dat
2015-09-17 16:28 - 2015-03-31 13:13 - 00000000 ____D C:\Users\locales
2015-09-17 16:28 - 2015-03-31 13:13 - 00000000 _____ C:\Users\Nicolas.redir
2015-09-14 11:47 - 2014-04-27 22:39 - 00000964 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job
2015-09-12 21:14 - 2015-03-10 19:27 - 00000000 ____D C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\vlc
2015-09-12 19:12 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2015-09-10 19:15 - 2015-03-31 13:13 - 02332541 _____ C:\Users\Apps\musixmatch-lyrics.spa
2015-09-09 13:12 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 11:51 - 2009-07-13 21:33 - 00284336 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 11:49 - 2009-07-14 00:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-06 14:47 - 2015-08-22 11:34 - 00000000 ____D C:\ProgramData\TEMP
2015-09-06 14:29 - 2015-08-22 12:49 - 00000955 _____ C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\SAS7_000.DAT
 
==================== Files in the root of some directories =======
 
2015-08-22 12:49 - 2015-09-06 14:29 - 0000955 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\SAS7_000.DAT
2015-01-25 18:42 - 2015-01-26 19:24 - 0000057 _____ () C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\WB.CFG
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-01 12:24
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:04-10-2015
Ran by Nicolas Chauvin 2.0 (2015-10-04 14:55:38)
Running from C:\Users\Nicolas Chauvin 2.0\Documents\Security
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-02-01 23:22:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1908793814-2174131667-131035205-500 - Administrator - Disabled)
Guest (S-1-5-21-1908793814-2174131667-131035205-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1908793814-2174131667-131035205-1002 - Limited - Enabled)
Nicolas Chauvin 2.0 (S-1-5-21-1908793814-2174131667-131035205-1003 - Administrator - Enabled) => C:\Users\Nicolas Chauvin 2.0
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\uTorrent) (Version: 3.4.5.41073 - BitTorrent Inc.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Amazon Kindle) (Version:  - Amazon)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Dasher 4.11 (HKLM\...\{BD8ECD28-2D32-11DF-8D17-000423472618}) (Version: 4.11 - The Dasher Project)
Dragon NaturallySpeaking 13 (HKLM\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FastStone Image Viewer 4.9 (HKLM\...\FastStone Image Viewer) (Version: 4.9 - FastStone Soft)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Talk Plugin (HKLM\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SoulseekQt (HKLM\...\SoulseekQt) (Version:  - )
Spotify (HKU\S-1-5-21-1908793814-2174131667-131035205-1003\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
System Requirements Lab for Intel (HKLM\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Yawcam 0.4.1 (HKLM\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1908793814-2174131667-131035205-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\1.3.28.15\psuser.dll (Google Inc.)
 
==================== Restore Points =========================
 
31-07-2015 11:20:40 Windows Update
04-08-2015 11:41:45 Windows Update
07-08-2015 11:57:29 Windows Update
11-08-2015 14:37:19 Windows Update
11-08-2015 19:32:33 Windows Update
13-08-2015 20:19:39 Windows Update
14-08-2015 13:55:18 Windows Update
18-08-2015 15:11:01 Windows Update
19-08-2015 00:49:07 Windows Update
22-08-2015 11:09:19 Installato Dragon NaturallySpeaking 13.
24-08-2015 00:30:55 Windows Update
24-08-2015 21:02:40 Windows Update
28-08-2015 15:15:11 Windows Update
01-09-2015 11:29:36 Windows Update
04-09-2015 12:29:34 Windows Update
08-09-2015 17:04:59 Windows Update
08-09-2015 20:52:41 Windows Update
09-09-2015 11:39:12 Windows Modules Installer
09-09-2015 11:41:51 Windows Modules Installer
09-09-2015 11:43:04 Windows Modules Installer
15-09-2015 11:56:38 Windows Update
18-09-2015 12:18:08 Windows Update
18-09-2015 13:03:01 Installed Dasher 4.11
22-09-2015 11:29:45 Windows Update
25-09-2015 11:34:14 Windows Update
29-09-2015 12:05:20 Windows Update
02-10-2015 19:18:31 JRT Pre-Junkware Removal
02-10-2015 20:10:04 Checkpoint by HitmanPro
02-10-2015 21:18:57 Zemana AntiMalware 10/2/2015 9:18:56 PM
04-10-2015 14:41:17 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2D16EC58-843E-4EC3-92A0-F7AF05F1E0D7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {455381DA-73FD-40ED-B62F-17D8A54EBD6E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
Task: {4B4D25FC-605B-44D6-84D1-E32E7A83B967} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {75BAC42D-AE73-4584-BF33-E26B65221F0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-03] (Google Inc.)
Task: {BAE0758B-7E55-4560-ACE9-832601DA56D5} - System32\Tasks\{325CAAEB-EA0E-4A9C-BC9B-60E0D2110F58} => pcalua.exe -a "C:\Users\Nicolas Chauvin 2.0\Downloads\win7_1512754.exe" -d "C:\Users\Nicolas Chauvin 2.0\Downloads"
Task: {C5B9534D-D699-43BD-B9A2-4A8B2BE2FB00} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-01] (Avast Software s.r.o.)
Task: {ECC0DB03-FAC1-417A-A3EA-E8361DCAC522} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {F124AFCA-D217-4648-8A8F-613A2A2C75AC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F923D5AB-F0B9-4E4B-9448-1E2AE1826987} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003Core.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1908793814-2174131667-131035205-1003UA.job => C:\Users\Nicolas Chauvin 2.0\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-01 12:09 - 2015-07-01 12:09 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-01 12:09 - 2015-07-01 12:09 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-04 12:58 - 2015-10-04 12:58 - 02966528 _____ () C:\Program Files\AVAST Software\Avast\defs\15100401\algo.dll
2015-07-01 12:09 - 2015-07-01 12:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-10-03 14:50 - 2015-09-23 19:34 - 01501512 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-10-03 14:50 - 2015-09-23 19:34 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\libegl.dll
2015-10-03 14:50 - 2015-09-23 19:34 - 16487752 _____ () C:\Program Files\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7865 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1908793814-2174131667-131035205-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{7DA5F9A7-3ED9-4461-BF37-14F5C7A17766}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C0257C3F-5C44-4AF4-A41D-13E50E1253FD}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2D81C637-A96E-4E56-969F-3EC145BE7032}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D9B83318-8B64-4E92-8C49-51E04B097B5A}C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicolas chauvin 2.0\appdata\roaming\spotify\spotify.exe
FirewallRules: [{74CC395B-2174-40CA-9DAA-5A1209DA8BEC}] => (Allow) C:\Users\Nicolas Chauvin 2.0\Downloads\uTorrent.exe
FirewallRules: [{55A3651B-27F0-45AD-A4D0-93C8E59DAC6B}] => (Allow) C:\Users\Nicolas Chauvin 2.0\Downloads\uTorrent.exe
FirewallRules: [TCP Query User{B3EF1DFE-E1C9-436D-A303-8C21B54381F0}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{7A464496-EBAC-493D-9435-A5982E59ABB9}C:\program files\soulseekqt\soulseekqt.exe] => (Allow) C:\program files\soulseekqt\soulseekqt.exe
FirewallRules: [{17221E1A-895C-42D6-B041-2407B2E51011}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{88BC5C3F-43B1-440B-B73F-05EA92D5FD2E}] => (Allow) C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE9A5EFE-AAE1-4FD5-BA50-92FBD4D325ED}] => (Allow) C:\Users\Nicolas Chauvin 2.0\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDFC59BF-3EB7-416D-9DF3-7204B7B76BE5}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{F662122A-041A-4ECD-A5AC-F056C90637C7}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8D230368-2F7F-489B-A91C-FFAB3075F854}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{F3EDBA89-5C93-4DDC-8C2A-505F1248BB44}] => (Allow) LPort=51001
FirewallRules: [{CE56A605-7D8E-4979-8C64-05521B5CF4B1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/04/2015 02:41:16 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {59ec16fe-fa93-41b0-808f-3d21fef4a698}
 
Error: (10/03/2015 05:46:30 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (10/02/2015 07:15:30 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (3224) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\Nicolas Chauvin 2.0\AppData\Local\Microsoft\Windows\WebCache\V01000FE.log.
 
Error: (10/02/2015 05:30:19 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (10/02/2015 05:26:44 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (10/02/2015 12:07:13 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (10/01/2015 08:24:58 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (10/01/2015 12:26:35 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (09/30/2015 07:46:49 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
Error: (09/29/2015 07:14:03 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054
 
 
System errors:
=============
Error: (10/02/2015 07:19:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:19:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:19:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dragon Logger service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/02/2015 07:19:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dragon Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/02/2015 07:12:26 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (10/02/2015 07:11:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:11:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (10/02/2015 07:11:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Dragon Logger service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (10/02/2015 07:11:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dragon Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/02/2015 07:11:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 44%
Total physical RAM: 2974.93 MB
Available physical RAM: 1641.4 MB
Total Virtual: 5948.16 MB
Available Virtual: 4321.14 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:285.77 GB) (Free:20.84 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.12 GB) (Free:2.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E7E8E0A0)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#7
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer now?

You can set Avast to detect and remove PUPs (potentially unwanted programmes).

Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's) "
pups.JPG

#8
NumeroUnoCabron


    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Seems to be working just fine. Thanks for all your help.



#9
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:


Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
javara.JPG


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

CryptoPrevent.JPG

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#10
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.







