PDA

View Full Version : Dcom Server process terminated, computer restarts



fabthiombiano
2014-01-12, 03:55
Admin Edit, first topic: http://forums.spybot.info/showthread.php?70010-quot-DCOM-Server-Process-Launcher-Service-terminated

Hello, like recommended I have my DDS Log and aswMBR reports to post. However, i have few things to notice before. I did launch Erunt to backup my files and it went great. However it wouldnt let me run aswMBR so i launch it in safe mode. When i restarted, it appeared a message that the registry backed up with Erunt has a problem, so i tried to launch another one but it told me that it cant delete all the files from previous save so i canceled it. Another one is, i have already run combofix before hand but luckily it didnt finish the process because the computer turned off! Iam really desperate please help ! :(

P.S= Internet explorer is not running anymore, and the ads running in background still there!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750 BrowserJavaVersion: 10.13.2
Run by user at 21:18:35 on 2014-01-10
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.4091.2052 [GMT -8:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\user\AppData\Local\StormAlerts\StormAlerts.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk -
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK -
StartupFolder: C:\Users\user\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMA~2.LNK - C:\Users\user\AppData\Local\StormAlerts\StormAlerts.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B0A727C2-F9BD-49EE-9C21-A4966D502B5F} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B0A727C2-F9BD-49EE-9C21-A4966D502B5F}\16474777966696 : DHCPNameServer = 192.168.5.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE_x64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-1-10 109352]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-1-10 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-1-10 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-1-10 171416]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 206448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-13 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 StorSvc;Service de stockage;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-5-7 59392]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-18 1255736]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S4 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-5-18 327064]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-01-10 10:39:27 -------- d-----w- C:\AdwCleaner
2014-01-10 09:40:19 -------- d-----w- C:\Users\user\AppData\Local\Weather_Warnings_LLC
2014-01-10 09:38:59 -------- d-----w- C:\Users\user\AppData\Local\StormAlerts
2014-01-10 09:37:47 -------- d-----w- C:\Program Files\HitmanPro
2014-01-10 09:36:35 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-10 09:22:59 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys.bak
2014-01-10 09:21:58 146432 ----a-w- C:\Windows\System32\drivers\rmcast.sys.bak
2014-01-10 09:20:57 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys.bak
2014-01-10 09:19:59 78848 ----a-w- C:\Windows\System32\drivers\IPMIDrv.sys.bak
2014-01-10 09:18:59 64512 ----a-w- C:\Windows\System32\drivers\amdk8.sys.bak
2014-01-10 09:15:40 -------- d-----w- C:\Program Files (x86)\BearShare Applications
2014-01-10 09:08:04 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-01-10 09:08:01 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-01-10 09:07:51 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-10 09:07:23 -------- d-----w- C:\Users\user\AppData\Local\Programs
2014-01-10 03:16:45 -------- d-----w- C:\$RECYCLE.BIN
2014-01-10 02:57:19 98816 ----a-w- C:\Windows\sed.exe
2014-01-10 02:57:19 256000 ----a-w- C:\Windows\PEV.exe
2014-01-10 02:57:19 208896 ----a-w- C:\Windows\MBR.exe
2014-01-10 02:57:09 -------- d-----w- C:\ComboFix
2014-01-09 11:24:48 -------- d-----w- C:\TDSSKiller_Quarantine
2014-01-09 11:18:17 -------- d-----w- C:\Users\user\.android
2014-01-09 11:18:10 -------- d-----w- C:\Users\user\AppData\Local\cache
2014-01-09 11:17:56 -------- d-----w- C:\Users\user\AppData\Roaming\newnext.me
2014-01-09 11:17:49 -------- d-----w- C:\Users\user\AppData\Local\genienext
2014-01-09 09:37:58 -------- d-----w- C:\Users\user\AppData\Local\{4AAB9E65-9CD0-481E-88FE-AEB81B77BAC7}
2014-01-08 19:32:51 -------- d-----w- C:\Users\user\AppData\Local\{FC914F1A-95F1-4AA3-821B-9AFFB710F9B8}
2014-01-08 03:47:48 -------- d--h--w- C:\ProgramData\{$1284-9213-2940-1289$}
2014-01-07 19:27:12 -------- d-----w- C:\Users\user\AppData\Local\{71FDF0EA-60DA-433D-A05E-AB7A1F70145D}
2014-01-06 18:26:22 -------- d-----w- C:\Users\user\AppData\Local\{4BC44031-D519-4A5F-B031-ED7426808515}
2014-01-05 21:40:03 -------- d-----w- C:\Users\user\AppData\Local\{1C63917D-BA19-4929-BA1F-EB7CCBD22E3C}
2014-01-05 09:39:34 -------- d-----w- C:\Users\user\AppData\Local\{0471E01D-9D55-446C-AF64-E40849AA0DBA}
2014-01-05 06:18:18 -------- d-----w- C:\Users\user\AppData\Local\CKFYW
2014-01-04 17:26:38 -------- d-----w- C:\Users\user\AppData\Local\{BEEB7765-344E-4675-BC66-EAE933658C13}
2014-01-04 04:29:06 -------- d-----w- C:\Users\user\AppData\Roaming\Pylaf
2014-01-04 04:29:06 -------- d-----w- C:\Users\user\AppData\Roaming\Nuruy
2014-01-04 04:29:06 -------- d-----w- C:\Users\user\AppData\Roaming\Ixixer
2014-01-04 03:58:57 -------- d-----w- C:\Users\user\AppData\Roaming\Yrfiwe
2014-01-04 03:58:57 -------- d-----w- C:\Users\user\AppData\Roaming\Ubucub
2014-01-04 03:58:57 -------- d-----w- C:\Users\user\AppData\Roaming\Odyh
2014-01-04 03:29:41 -------- d-----w- C:\Users\user\AppData\Local\{D42755F3-F5C4-4B98-833F-6639A4E70E98}
2014-01-04 03:08:25 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{52B9F076-B791-448F-B0EC-669DF92121AC}\mpengine.dll
2014-01-03 21:06:10 -------- d-----w- C:\Users\user\AppData\Roaming\Rymaic
2014-01-03 21:06:10 -------- d-----w- C:\Users\user\AppData\Roaming\Obytde
2014-01-03 21:06:10 -------- d-----w- C:\Users\user\AppData\Roaming\Deagep
2014-01-03 19:37:58 -------- d-sh--w- C:\ProgramData\bbtmp0
2014-01-03 10:48:14 -------- d-----w- C:\Users\user\AppData\Local\{4B737337-3319-4C99-8165-D5081BE65B17}
2014-01-03 10:37:21 -------- d-----w- C:\Users\user\AppData\Local\{BF014E26-F462-4710-891E-3D0AAFD582FA}
2014-01-03 10:36:32 -------- d--h--w- C:\ProgramData\REGVIEW
2014-01-02 02:44:45 -------- d-----w- C:\Users\user\AppData\Local\{B3254C0E-49F0-4558-AD87-F11F9EC05DEB}
2014-01-01 23:57:43 -------- d-----w- C:\Users\user\AppData\Local\{7CA44474-4985-47E2-9706-429A221F094C}
2013-12-31 16:44:15 -------- d-----w- C:\Users\user\AppData\Local\{9C6DE91A-18BF-559D-3CC8-B2A81C8B4231}
2013-12-30 02:08:06 -------- d-----w- C:\Users\user\AppData\Local\{324C473B-A68A-4C8C-A535-CBF903807446}
2013-12-28 10:35:25 -------- d-----w- C:\Users\user\AppData\Local\{084166BE-03D3-47A6-94C8-E9CB04248297}
2013-12-25 19:08:19 -------- d-----w- C:\Users\user\AppData\Local\{68F522E3-37F6-43D6-BDC3-7C92DF03A6C0}
2013-12-20 04:36:45 -------- d-----w- C:\Users\user\AppData\Local\{5A4069FE-B97A-402E-8491-DC0B7968BBE3}
2013-12-17 01:18:58 -------- d-----w- C:\Users\user\AppData\Local\{2FB25123-52FD-4ADF-8737-5587C1BF27B0}
2013-12-16 02:46:57 -------- d-----w- C:\Users\user\AppData\Local\{345905BB-78C9-458B-9B70-8F31C910BCE5}
2013-12-13 16:50:56 -------- d-----w- C:\Users\user\AppData\Local\{65AFBAE0-DC15-4B76-B123-EAE1C7F1126F}
2013-12-13 11:48:12 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-12-13 11:48:12 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-12-13 11:48:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-12-13 11:48:02 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-12-13 11:46:02 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-13 11:46:02 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-12-13 11:06:59 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-12-13 11:06:51 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-12-13 11:06:48 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-12-12 21:21:15 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-12-12 21:21:15 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-12-12 21:21:13 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-12-12 21:21:13 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-12-12 21:21:13 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-12-12 21:21:13 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-12-12 21:21:13 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-12-12 21:21:13 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-12-12 21:21:13 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-12-12 21:21:13 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-12-12 21:21:09 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-12-12 16:45:21 -------- d-----w- C:\Users\user\AppData\Local\{43D97A3E-D4DB-494A-925B-6CDDB5F3D9E0}
2013-12-12 11:02:09 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 11:02:09 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 11:02:07 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 11:02:06 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
.
==================== Find3M ====================
.
2013-12-11 00:09:05 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 00:09:05 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-19 11:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2011-06-09 19:03:40 3486088 ----a-w- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe
2011-06-09 19:03:40 143240 ----a-w- C:\Program Files (x86)\Common Files\ApnStub.exe
2010-01-26 18:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
.
============= FINISH: 21:24:06,10 ===============



aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-10 22:03:51
-----------------------------
22:03:51.341 OS Version: Windows x64 6.1.7601 Service Pack 1
22:03:51.341 Number of processors: 2 586 0x170A
22:03:51.341 ComputerName: PC-FABIEN UserName: user
22:04:07.877 Initialze error C0000061 - driver not loaded
22:18:31.978 AVAST engine defs: 14010701
22:20:21.490 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

ken545
2014-01-18, 22:32
:welcome:

http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)
I wish you would have read Before you Post and not run any tools on your own, as far as the DCOM error, not sure what you have done to cause that. Its very dangerous to run tools that you see on the forums unless advised by a helper as sometimes they can cause more problems than good depending on your system. I see you have run Combofix, not sure what it has done, you also ran TDSSKiller, again not sure what it removed. So what you have done is basically left me in the dark as to what if any your infected with


Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please




OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

fabthiombiano
2014-01-21, 03:33
Hello,

Sorry for the late reply it just that the computer was giving me hard time couldn't stop it to restart after the dcom error message until I found the shutdown command. Before I post the reports and logs I want to clarify one thing. All the problems started when I noticed that ads are running in background for ever. That's the moment where the dcom error and plug error started to pop up every time I turn on the laptop. ok here are the reports, and thank you again for your support:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.20.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
user :: PC-FABIEN [administrator]

20/01/2014 10:43:05
mbam-log-2014-01-20 (10-43-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273458
Time elapsed: 18 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_2y40p3l0iiurgaldix5udkxizwzfrrrr (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_2y40p3l0iiurgaldix5udkxizwzfrrrr\1.4.0.0 (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.

Files Detected: 24
C:\ProgramData\bbtmp0\rzsbkotiu.exe (Trojan.Ransom.ED) -> Quarantined and deleted successfully.
C:\ProgramData\REGVIEW\4813394.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\ProgramData\REGVIEW\file1314.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\nsg463A.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\nslAF84.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\dlmA831.tmp\copy1-mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\dlmA831.tmp\mconduitinstaller.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\finalmediaplayer.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\user\Downloads\ultimatemediaplayer_2.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts\Storm Alerts.lnk (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\notepad.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\msconfig.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\ct3306061\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_2y40p3l0iiurgaldix5udkxizwzfrrrr\1.4.0.0\user.config (PUP.Optional.StormAlerts.A) -> Quarantined and deleted successfully.

(end)

fabthiombiano
2014-01-21, 03:35
OTL logfile created on: 20/01/2014 11:22:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,99 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 58,53% Memory free
7,99 Gb Paging File | 6,23 Gb Available in Paging File | 77,99% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 18,43 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
Drive D: | 2,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PC-FABIEN | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\user\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SpyHunter 4 Service) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3252227759-3323120220-3280408002-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3252227759-3323120220-3280408002-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKU\S-1-5-21-3252227759-3323120220-3280408002-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 84 D0 10 F2 6C CD 01 [binary data]
IE - HKU\S-1-5-21-3252227759-3323120220-3280408002-1000\..\SearchScopes,DefaultScope = {9E7E0860-B049-4048-B791-4B82697EBA3B}
IE - HKU\S-1-5-21-3252227759-3323120220-3280408002-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3252227759-3323120220-3280408002-1000\..\SearchScopes\{9E7E0860-B049-4048-B791-4B82697EBA3B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306061&CUI=UN30141081092779822&UM=2
IE - HKU\S-1-5-21-3252227759-3323120220-3280408002-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2013/01/19 03:27:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2013/01/19 03:27:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2013/01/19 03:27:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/10/13 09:25:48 | 000,000,000 | ---D | M]

[2012/02/10 20:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012/02/10 20:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/09/05 20:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions
[2012/09/05 20:06:15 | 000,000,000 | ---D | M] (uTorrentBar_FR) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Premier utilisateur = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2014/01/10 02:28:28 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3252227759-3323120220-3280408002-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3252227759-3323120220-3280408002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE_x64.dll ()
O9:64bit: - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE_x64.dll ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll ()
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A727C2-F9BD-49EE-9C21-A4966D502B5F}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/21 20:24:08 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/20 11:20:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/01/20 10:28:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2014/01/20 10:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/20 10:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/20 10:28:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/20 10:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/20 10:26:56 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.75.0.1300.exe
[2014/01/19 17:30:46 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Ebay
[2014/01/18 12:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/18 12:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/01/10 23:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2014/01/10 23:03:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\WinZip
[2014/01/10 23:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2014/01/10 23:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2014/01/10 21:34:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2014/01/10 21:18:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2014/01/10 21:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/01/10 21:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/01/10 21:14:36 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\user\Desktop\erunt-setup.exe
[2014/01/10 12:25:32 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\usbank
[2014/01/10 02:59:12 | 001,057,016 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\user\Desktop\iExplore64.exe
[2014/01/10 02:58:57 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\user\Desktop\iExplore.exe
[2014/01/10 02:39:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/10 01:40:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Weather_Warnings_LLC
[2014/01/10 01:38:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\StormAlerts
[2014/01/10 01:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/01/10 01:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/01/10 01:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/01/10 01:35:06 | 000,923,784 | ---- | C] (CNET Download.com) -- C:\Users\user\Desktop\cbsidlm-cbsi145-HitmanPro_3_64bit-SEO-75110395.exe
[2014/01/10 01:23:19 | 000,079,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys.bak
[2014/01/10 01:23:17 | 000,016,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wmilib.sys.bak
[2014/01/10 01:23:16 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\winhv.sys.bak
[2014/01/10 01:23:15 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys.bak
[2014/01/10 01:23:12 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys.bak
[2014/01/10 01:23:04 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\videoprt.sys.bak
[2014/01/10 01:23:02 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbrpm.sys.bak
[2014/01/10 01:23:01 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys.bak
[2014/01/10 01:22:56 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys.bak
[2014/01/10 01:22:54 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys.bak
[2014/01/10 01:22:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys.bak
[2014/01/10 01:22:49 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys.bak
[2014/01/10 01:22:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys.bak
[2014/01/10 01:22:44 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tape.sys.bak
[2014/01/10 01:22:39 | 000,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys.bak
[2014/01/10 01:22:37 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys.bak
[2014/01/10 01:22:36 | 000,024,656 | ---- | C] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys.bak
[2014/01/10 01:22:30 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spsys.sys.bak
[2014/01/10 01:22:30 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\smclib.sys.bak
[2014/01/10 01:22:16 | 000,171,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scsiport.sys.bak
[2014/01/10 01:22:04 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rootmdm.sys.bak
[2014/01/10 01:22:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys.bak
[2014/01/10 01:21:58 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys.bak
[2014/01/10 01:21:28 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys.bak
[2014/01/10 01:21:20 | 000,048,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pciidex.sys.bak
[2014/01/10 01:21:18 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys.bak
[2014/01/10 01:20:50 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys.bak
[2014/01/10 01:20:46 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys.bak
[2014/01/10 01:20:46 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys.bak
[2014/01/10 01:20:28 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys.bak
[2014/01/10 01:20:28 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mcd.sys.bak
[2014/01/10 01:20:24 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/10 01:20:17 | 000,022,544 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys.bak
[2014/01/10 01:20:16 | 000,029,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys.bak
[2014/01/10 01:20:15 | 000,637,272 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys.bak
[2014/01/10 01:20:14 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys.bak
[2014/01/10 01:20:14 | 000,011,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl2.sys.bak
[2014/01/10 01:20:10 | 000,270,848 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\k57nd60a.sys.bak
[2014/01/10 01:20:03 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\irda.sys.bak
[2014/01/10 01:19:52 | 000,078,720 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys.bak
[2014/01/10 01:19:52 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys.bak
[2014/01/10 01:19:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys.bak
[2014/01/10 01:19:48 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/10 01:19:46 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS.bak
[2014/01/10 01:19:46 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys.bak
[2014/01/10 01:19:45 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys.bak
[2014/01/10 01:19:38 | 003,286,016 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys.bak
[2014/01/10 01:19:36 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys.bak
[2014/01/10 01:19:32 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxg.sys.bak
[2014/01/10 01:19:30 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxapi.sys.bak
[2014/01/10 01:19:29 | 000,055,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys.bak
[2014/01/10 01:19:29 | 000,028,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Dumpata.sys.bak
[2014/01/10 01:19:28 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys.bak
[2014/01/10 01:19:27 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys.bak
[2014/01/10 01:19:25 | 000,039,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys.bak
[2014/01/10 01:19:21 | 000,179,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys.bak
[2014/01/10 01:19:18 | 000,468,480 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys.bak
[2014/01/10 01:19:09 | 000,028,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys.bak
[2014/01/10 01:19:07 | 000,270,848 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys.bak
[2014/01/10 01:19:04 | 001,542,656 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys.bak
[2014/01/10 01:19:04 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys.bak
[2014/01/10 01:19:01 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014/01/10 01:19:01 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys.bak
[2014/01/10 01:19:01 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys.bak
[2014/01/10 01:18:53 | 001,146,880 | ---- | C] (LSI Corp) -- C:\Windows\SysNative\drivers\agrsm64.sys.bak
[2014/01/10 01:18:35 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394bus.sys.bak
[2014/01/10 01:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BearShare Applications
[2014/01/10 01:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/01/10 01:08:04 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/01/10 01:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/01/10 01:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/01/10 01:07:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2014/01/10 01:03:51 | 040,658,208 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\user\Desktop\spybot-search-destroy_2-2-03-01-2014_en_10965.exe
[2014/01/09 19:16:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/01/09 19:14:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/09 18:57:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/09 18:57:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/09 18:57:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/09 18:57:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014/01/09 18:53:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/09 18:50:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/09 18:40:14 | 005,162,489 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2014/01/09 12:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine
[2014/01/09 03:24:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/01/09 03:18:17 | 000,000,000 | ---D | C] -- C:\Users\user\.android
[2014/01/09 03:18:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\cache
[2014/01/09 03:17:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\genienext
[2014/01/09 03:14:14 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\tdsskiller-2-8-14-0
[2014/01/09 01:37:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4AAB9E65-9CD0-481E-88FE-AEB81B77BAC7}
[2014/01/08 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{FC914F1A-95F1-4AA3-821B-9AFFB710F9B8}
[2014/01/07 19:47:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\{$1284-9213-2940-1289$}
[2014/01/07 11:27:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{71FDF0EA-60DA-433D-A05E-AB7A1F70145D}
[2014/01/06 10:26:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4BC44031-D519-4A5F-B031-ED7426808515}
[2014/01/05 13:40:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1C63917D-BA19-4929-BA1F-EB7CCBD22E3C}
[2014/01/05 01:39:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{0471E01D-9D55-446C-AF64-E40849AA0DBA}
[2014/01/04 22:18:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CKFYW
[2014/01/04 09:26:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BEEB7765-344E-4675-BC66-EAE933658C13}
[2014/01/03 20:29:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Pylaf
[2014/01/03 20:29:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Nuruy
[2014/01/03 20:29:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ixixer
[2014/01/03 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Yrfiwe
[2014/01/03 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ubucub
[2014/01/03 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Odyh
[2014/01/03 19:29:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D42755F3-F5C4-4B98-833F-6639A4E70E98}
[2014/01/03 13:06:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Rymaic
[2014/01/03 13:06:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Obytde
[2014/01/03 13:06:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Deagep
[2014/01/03 11:37:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\bbtmp0
[2014/01/03 02:48:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4B737337-3319-4C99-8165-D5081BE65B17}
[2014/01/03 02:37:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BF014E26-F462-4710-891E-3D0AAFD582FA}
[2014/01/03 02:36:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\REGVIEW
[2014/01/01 18:44:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B3254C0E-49F0-4558-AD87-F11F9EC05DEB}
[2014/01/01 15:57:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7CA44474-4985-47E2-9706-429A221F094C}
[2013/12/31 08:44:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9C6DE91A-18BF-559D-3CC8-B2A81C8B4231}
[2013/12/29 18:08:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{324C473B-A68A-4C8C-A535-CBF903807446}
[2013/12/28 02:35:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{084166BE-03D3-47A6-94C8-E9CB04248297}
[2013/12/25 11:08:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{68F522E3-37F6-43D6-BDC3-7C92DF03A6C0}
[2012/05/02 23:05:14 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe
[2012/05/02 23:05:13 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files (x86)\Common Files\ApnStub.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/20 11:20:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/01/20 11:17:05 | 000,025,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/20 11:17:05 | 000,025,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/20 11:08:57 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/20 11:07:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/20 11:07:09 | 3217,162,240 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/20 10:59:24 | 000,000,087 | ---- | M] () -- C:\Windows\SysNative\brdf.exs
[2014/01/20 10:59:06 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/20 10:50:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/20 10:28:33 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/20 10:27:07 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.75.0.1300.exe
[2014/01/20 08:56:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3252227759-3323120220-3280408002-1000UA.job
[2014/01/19 11:56:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3252227759-3323120220-3280408002-1000Core.job
[2014/01/19 03:08:13 | 000,002,291 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/18 16:08:01 | 000,001,061 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/18 16:07:06 | 000,001,027 | ---- | M] () -- C:\Users\user\Desktop\Dropbox.lnk
[2014/01/18 12:57:25 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/18 12:35:53 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/18 12:35:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/15 17:46:10 | 000,106,942 | ---- | M] () -- C:\Users\user\Desktop\Thiombiano Fabien.pdf
[2014/01/10 23:05:45 | 000,002,251 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/01/10 21:43:47 | 000,002,474 | ---- | M] () -- C:\Users\user\Desktop\attach.zip
[2014/01/10 21:34:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2014/01/10 21:18:23 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2014/01/10 21:16:25 | 000,001,118 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/10 21:16:21 | 000,000,938 | ---- | M] () -- C:\Users\user\Desktop\NTREGOPT.lnk
[2014/01/10 21:16:20 | 000,000,919 | ---- | M] () -- C:\Users\user\Desktop\ERUNT.lnk
[2014/01/10 21:15:47 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\user\Desktop\erunt-setup.exe
[2014/01/10 12:33:06 | 000,000,000 | --S- | M] () -- C:\Windows\SysNative\xftaebx.sep
[2014/01/10 02:59:12 | 001,057,016 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\user\Desktop\iExplore64.exe
[2014/01/10 02:59:05 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\user\Desktop\iExplore.exe
[2014/01/10 02:39:18 | 001,233,962 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
[2014/01/10 02:28:28 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/10 02:23:45 | 000,001,524 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/01/10 01:37:47 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/01/10 01:35:09 | 000,923,784 | ---- | M] (CNET Download.com) -- C:\Users\user\Desktop\cbsidlm-cbsi145-HitmanPro_3_64bit-SEO-75110395.exe
[2014/01/10 01:23:19 | 000,079,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys.bak
[2014/01/10 01:23:18 | 000,016,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wmilib.sys.bak
[2014/01/10 01:23:16 | 000,052,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\winhv.sys.bak
[2014/01/10 01:23:15 | 000,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys.bak
[2014/01/10 01:23:13 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys.bak
[2014/01/10 01:23:04 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\videoprt.sys.bak
[2014/01/10 01:23:02 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbrpm.sys.bak
[2014/01/10 01:23:01 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys.bak
[2014/01/10 01:22:56 | 000,007,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys.bak
[2014/01/10 01:22:54 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys.bak
[2014/01/10 01:22:53 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys.bak
[2014/01/10 01:22:51 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys.bak
[2014/01/10 01:22:47 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys.bak
[2014/01/10 01:22:44 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tape.sys.bak
[2014/01/10 01:22:39 | 000,068,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys.bak
[2014/01/10 01:22:38 | 000,189,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys.bak
[2014/01/10 01:22:37 | 000,024,656 | ---- | M] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys.bak
[2014/01/10 01:22:31 | 000,426,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spsys.sys.bak
[2014/01/10 01:22:30 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\smclib.sys.bak
[2014/01/10 01:22:17 | 000,171,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scsiport.sys.bak
[2014/01/10 01:22:08 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rootmdm.sys.bak
[2014/01/10 01:22:02 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys.bak
[2014/01/10 01:21:59 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys.bak
[2014/01/10 01:21:29 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys.bak
[2014/01/10 01:21:21 | 000,048,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pciidex.sys.bak
[2014/01/10 01:21:18 | 000,025,600 | ---- | M] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys.bak
[2014/01/10 01:20:53 | 000,194,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys.bak
[2014/01/10 01:20:46 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys.bak
[2014/01/10 01:20:46 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys.bak
[2014/01/10 01:20:29 | 000,255,552 | ---- | M] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys.bak
[2014/01/10 01:20:28 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mcd.sys.bak
[2014/01/10 01:20:25 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/10 01:20:20 | 000,022,544 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys.bak
[2014/01/10 01:20:17 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys.bak
[2014/01/10 01:20:16 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys.bak
[2014/01/10 01:20:14 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys.bak
[2014/01/10 01:20:14 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl2.sys.bak
[2014/01/10 01:20:13 | 000,270,848 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\k57nd60a.sys.bak
[2014/01/10 01:20:04 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\irda.sys.bak
[2014/01/10 01:19:53 | 000,078,720 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys.bak
[2014/01/10 01:19:52 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys.bak
[2014/01/10 01:19:52 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys.bak
[2014/01/10 01:19:48 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/10 01:19:47 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS.bak
[2014/01/10 01:19:46 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys.bak
[2014/01/10 01:19:45 | 000,048,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys.bak
[2014/01/10 01:19:39 | 003,286,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys.bak
[2014/01/10 01:19:37 | 000,265,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys.bak
[2014/01/10 01:19:35 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxg.sys.bak
[2014/01/10 01:19:30 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxapi.sys.bak
[2014/01/10 01:19:29 | 000,055,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys.bak
[2014/01/10 01:19:29 | 000,028,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Dumpata.sys.bak
[2014/01/10 01:19:28 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys.bak
[2014/01/10 01:19:27 | 000,027,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys.bak
[2014/01/10 01:19:25 | 000,039,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys.bak
[2014/01/10 01:19:21 | 000,179,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys.bak
[2014/01/10 01:19:19 | 000,468,480 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys.bak
[2014/01/10 01:19:09 | 000,270,848 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys.bak
[2014/01/10 01:19:09 | 000,028,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys.bak
[2014/01/10 01:19:07 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys.bak
[2014/01/10 01:19:04 | 000,155,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys.bak
[2014/01/10 01:19:02 | 000,027,008 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys.bak
[2014/01/10 01:19:01 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014/01/10 01:19:01 | 000,107,904 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys.bak
[2014/01/10 01:18:54 | 001,146,880 | ---- | M] (LSI Corp) -- C:\Windows\SysNative\drivers\agrsm64.sys.bak
[2014/01/10 01:18:48 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394bus.sys.bak
[2014/01/10 01:15:33 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\Continue BearShare installation.lnk
[2014/01/10 01:08:40 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/01/10 01:08:40 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/01/10 01:08:40 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/01/10 01:08:16 | 000,001,393 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/01/10 01:07:13 | 040,658,208 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\user\Desktop\spybot-search-destroy_2-2-03-01-2014_en_10965.exe
[2014/01/10 00:42:17 | 000,000,000 | ---- | M] () -- C:\Users\user\Desktop\spybotsd-2.1.21-SR2.exe
[2014/01/09 18:40:42 | 005,162,489 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2014/01/09 03:13:32 | 002,195,988 | ---- | M] () -- C:\Users\user\Desktop\tdsskiller-2-8-14-0.zip
[2014/01/08 17:59:50 | 000,037,376 | ---- | M] () -- C:\Windows\SysNative\knose.gpc
[2014/01/08 17:59:50 | 000,000,097 | ---- | M] () -- C:\Windows\SysNative\wbjmw.qev
[2014/01/08 17:39:02 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\owubvq.deb
[2014/01/08 16:56:16 | 000,219,314 | --S- | M] () -- C:\Windows\SysNative\dypn.njz
[2014/01/08 00:17:36 | 000,100,805 | ---- | M] () -- C:\Users\user\Desktop\Thiombiano Fabien Cover Letter.pdf
[2014/01/04 18:22:13 | 000,100,261 | ---- | M] () -- C:\Users\user\Desktop\Fabien Thiombiano Cover Letter.pdf
[2014/01/04 17:56:48 | 000,000,000 | RH-- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2014/01/01 19:24:05 | 000,097,372 | ---- | M] () -- C:\Users\user\Documents\Fabien_Thiombiano_Resume.pdf
[2013/12/23 01:11:45 | 000,097,894 | ---- | M] () -- C:\Users\user\Desktop\Fabien Thiombiano Resume.pdf
[2013/12/22 12:28:43 | 000,571,664 | ---- | M] () -- C:\Users\user\Desktop\100_5679.JPG
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

fabthiombiano
2014-01-21, 03:36
========== Files Created - No Company Name ==========

[2014/01/20 10:28:33 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/18 12:37:11 | 000,002,291 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/18 12:37:10 | 000,002,191 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/18 12:36:53 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/18 12:36:52 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/15 17:38:23 | 000,106,942 | ---- | C] () -- C:\Users\user\Desktop\Thiombiano Fabien.pdf
[2014/01/10 23:05:44 | 000,002,251 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/01/10 21:43:46 | 000,002,474 | ---- | C] () -- C:\Users\user\Desktop\attach.zip
[2014/01/10 21:16:25 | 000,001,118 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/10 21:16:21 | 000,000,938 | ---- | C] () -- C:\Users\user\Desktop\NTREGOPT.lnk
[2014/01/10 21:16:20 | 000,000,919 | ---- | C] () -- C:\Users\user\Desktop\ERUNT.lnk
[2014/01/10 12:33:06 | 000,000,000 | --S- | C] () -- C:\Windows\SysNative\xftaebx.sep
[2014/01/10 02:39:02 | 001,233,962 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe
[2014/01/10 02:23:45 | 000,001,524 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/01/10 01:37:47 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/01/10 01:15:33 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\Continue BearShare installation.lnk
[2014/01/10 01:08:40 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/01/10 01:08:40 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/01/10 01:08:40 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/01/10 01:08:16 | 000,001,405 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/01/10 01:08:16 | 000,001,393 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/01/10 00:40:42 | 000,000,000 | ---- | C] () -- C:\Users\user\Desktop\spybotsd-2.1.21-SR2.exe
[2014/01/09 18:57:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/09 18:57:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/09 18:57:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/09 18:57:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/09 18:57:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/09 03:13:08 | 002,195,988 | ---- | C] () -- C:\Users\user\Desktop\tdsskiller-2-8-14-0.zip
[2014/01/08 17:59:50 | 000,037,376 | ---- | C] () -- C:\Windows\SysNative\knose.gpc
[2014/01/08 17:49:40 | 000,000,087 | ---- | C] () -- C:\Windows\SysNative\brdf.exs
[2014/01/08 17:39:02 | 000,000,097 | ---- | C] () -- C:\Windows\SysNative\wbjmw.qev
[2014/01/08 17:39:02 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\owubvq.deb
[2014/01/08 16:56:16 | 000,219,314 | --S- | C] () -- C:\Windows\SysNative\dypn.njz
[2014/01/07 16:43:36 | 000,100,805 | ---- | C] () -- C:\Users\user\Desktop\Thiombiano Fabien Cover Letter.pdf
[2014/01/04 18:13:19 | 000,100,261 | ---- | C] () -- C:\Users\user\Desktop\Fabien Thiombiano Cover Letter.pdf
[2014/01/01 19:24:04 | 000,097,372 | ---- | C] () -- C:\Users\user\Documents\Fabien_Thiombiano_Resume.pdf
[2013/12/23 01:11:40 | 000,097,894 | ---- | C] () -- C:\Users\user\Desktop\Fabien Thiombiano Resume.pdf
[2013/12/22 12:24:14 | 000,571,664 | ---- | C] () -- C:\Users\user\Desktop\100_5679.JPG
[2012/08/18 21:52:45 | 000,026,624 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/02 23:05:15 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2012/04/29 19:00:02 | 000,854,171 | ---- | C] () -- C:\Users\user\29122011286.jpg
[2012/01/19 19:08:24 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db
[2012/01/18 12:23:33 | 000,007,598 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/15 11:31:02 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\Opera
[2013/03/15 11:28:36 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\PC Suite
[2013/11/02 08:22:43 | 000,000,000 | ---D | M] -- C:\Users\Invité\AppData\Roaming\uTorrent
[2013/01/17 10:34:53 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Roaming\5B2435
[2012/07/25 00:28:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2014/01/03 13:07:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Deagep
[2014/01/20 11:11:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2014/01/03 20:30:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ixixer
[2013/12/10 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MultiBit
[2013/12/09 15:32:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\NetBeans
[2012/08/18 21:52:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia
[2012/08/29 18:59:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Notepad++
[2012/05/02 20:10:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nuclear Coffee
[2014/01/03 20:29:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nuruy
[2014/01/03 13:06:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Obytde
[2014/01/03 19:58:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Odyh
[2012/07/01 14:05:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
[2012/02/19 04:56:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
[2014/01/03 20:29:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Pylaf
[2014/01/03 13:06:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Rymaic
[2014/01/03 19:59:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubucub
[2014/01/09 01:55:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2012/08/11 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\VDownloader
[2014/01/03 19:58:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Yrfiwe

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 20/01/2014 11:22:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,99 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 58,53% Memory free
7,99 Gb Paging File | 6,23 Gb Available in Paging File | 77,99% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 18,43 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
Drive D: | 2,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PC-FABIEN | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006FB295-F337-48D2-A481-C752A1C8B34E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{02409A38-69CF-44F5-BFEF-98BCF9490197}" = lport=139 | protocol=6 | dir=in | app=system |
"{336D5A75-0AA2-40D9-ACE0-7CF61E9FF18C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{36051BC4-2D0A-41E1-8C5C-B503F3F04CC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{485466F6-42B6-4A8A-B42B-D02915C1BFB9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{5D436234-AF86-46BE-A82D-A149356259FB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{5EDBDB39-DCB3-4751-9424-BD14889A9A57}" = rport=445 | protocol=6 | dir=out | app=system |
"{713DD8C4-59BB-43B2-B894-BD2D2C3F1562}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7E762E1E-46C3-4B9F-8ACA-0E6E97A602C2}" = rport=137 | protocol=17 | dir=out | app=system |
"{83F94A80-E1E2-485E-88E1-9504EBC20A15}" = lport=137 | protocol=17 | dir=in | app=system |
"{8681CE25-4437-4553-8789-FACA61DC737E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{99A5526C-B002-489C-A712-140A7B221FF8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A425A165-0115-432C-96F6-5162187B9EB7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AAD286F5-008A-4C1D-96C8-AF7138CD1A82}" = lport=445 | protocol=6 | dir=in | app=system |
"{BF78C5E4-05F0-45DA-9AA7-C811255B97CE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C5138572-AF0A-4EE5-8BC5-0F460098F242}" = rport=138 | protocol=17 | dir=out | app=system |
"{C74EB92B-9437-411D-92A2-7F8D1F9C0941}" = lport=138 | protocol=17 | dir=in | app=system |
"{CC7EB0B5-A61D-4F65-94B0-13869BB1029C}" = rport=139 | protocol=6 | dir=out | app=system |
"{D9F445F0-2381-4543-ABDC-F31A11DCA95D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FD842EC9-51A2-4C1C-8B24-A3DA6BA70559}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012E2159-342E-476F-BE48-1BBFE4407A0F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0B85F40F-21D4-40BE-BB3B-CA99837CE86A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{12B0027C-4A67-473B-92D5-1B73D36923F6}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{17857A29-E28C-479F-A9AD-633AA13AB808}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1ACCEBAD-9177-495E-95FB-7EB796E15F48}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1AE70A5D-A0B8-422B-9AE0-37A0106FE461}" = protocol=17 | dir=in | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{2C491218-56CA-4DB8-AE18-BA7156785FFA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2FA3D8D4-4EB9-4A67-BD42-84FA7D5749D1}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{2FE9D0B0-AEE3-4E38-87F4-31F8FF1F68E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{33F90A1C-3095-4C6E-99AF-591AC2D4A552}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{347906A6-AC27-42AB-93E7-A014419C455B}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{48F02C81-1C5B-4A82-8E69-65C4FB0304F6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4F633FD9-5D14-4DE5-98E0-3291B5ECAA2C}" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"{70DBC96B-8785-4F65-A529-B8C8B6408E89}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{746310E8-E506-48FB-8C4C-8867D07485A8}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{7804CFAB-1968-400C-B9FC-B0A4E5514BA2}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{7946E04A-3951-456B-B73F-658B8F153D57}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{88C83868-DA21-4136-AE96-6A48385E7A25}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{939EE6E9-1867-4832-BCA9-FB907013EF93}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9A59BF77-5E79-4B01-84A0-C1A64A060E58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF1DC0DB-7D72-42C8-8BDE-60839CDA7AD7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B0AE69C8-A451-417F-A153-9F1C8BDA9454}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{BE8E9717-CC14-4B88-8CFF-01D3A8CC572D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C21341A1-28D2-46C9-8888-0FA5F0FB3C97}" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"{D67F88F3-C871-4210-8911-B9486D61775C}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{DAEEA1DC-9498-47CD-8535-947F020A1C3F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DB2C4F23-253E-4363-A745-795AC2F89451}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E16E8F97-FF15-46E0-B615-48DBA00A4CDC}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{E2199356-F71E-480B-AE03-0CF17FA7D216}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E512CCDC-9287-4438-9D2B-DC96EBBBE4FD}" = protocol=6 | dir=in | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{EEDC6F2F-C0AB-4AB1-ACF6-67C6322C4F64}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F103540E-2C1F-4EA2-9F5A-7550CA46807B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{10B31FC4-1396-411B-BB12-6F2C5CDD2911}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{3D20FEB3-EB30-4752-A7E0-4EBFD0273834}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe |
"TCP Query User{74E791EC-5212-4119-BC0F-D21F0ED81DDA}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{A60EDEAF-3F96-4EFF-9045-F00EC87541CC}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{A7CB4A44-98D9-48BE-BBD7-84CE8115596C}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{CDA9B92A-DBDB-49AB-B012-D3169D5BEE0E}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe |
"UDP Query User{3B6C3659-BDAB-4FEF-90B1-AE78852CDE1B}C:\program files (x86)\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fifa 12\game\fifa.exe |
"UDP Query User{8BEBD5BE-42EF-4605-8EA2-55EC643F0460}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{9EDDD75C-3765-4E60-B48D-84CBD2E7DA15}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe |
"UDP Query User{A061F151-10CD-4BCC-ACA0-C337D8FA7F58}C:\users\user\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{C12C0CAC-FDA7-40E4-9C69-1C760D3FE138}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{DD966BC6-B7AA-4BF4-AF05-2C682C940C7B}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Logiciel système PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Mises à jour NVIDIA 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Pilote audio HD : 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}" = WinZip 18.0
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0B753AE04CCFC1E067940973C1BEDEEE62CADDC9" = Package de pilotes Windows - Nokia Modem (03/15/2010 4.4)
"6CD143D10D52B656CB6E8E90D7932A476DA16F6A" = Package de pilotes Windows - Nokia Modem (03/15/2010 7.01.0.6)
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HitmanPro37" = HitmanPro*3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"nbi-glassfish-mod-4.0.0.89.0" = GlassFish Server Open Source Edition 4.0
"nbi-nb-base-7.4.0.0.201310111528" = NetBeans IDE 7.4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{18756A46-652E-4ED4-A029-C4940D59F09B}" = Nokia PC Suite
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}" = SpyHunter
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8C91D53E-0C23-4A79-A480-68A443D80100}" = PC Connectivity Solution
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90510409-6D54-11D4-BEE3-00C04F990354}" = Microsoft Visio Professional 2002 [English]
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV pour Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1195
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1036-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) - Français
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cisco Networking Academy curriculum_is1" = Cisco Networking Academy curriculum 4.0.0.0
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"ERUNT_is1" = ERUNT 1.1j
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"Google Chrome" = Google Chrome
"IECT3306061" = Connect DLC 5 Toolbar for IE
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MultiBit 0.5.15" = MultiBit 0.5.15
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 12.15.1748" = Opera 12.15
"RealPlayer 15.0" = RealPlayer
"uTorrent" = µTorrent
"VideoGet_is1" = Nuclear Coffee - VideoGet
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite" = Windows Live
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3252227759-3323120220-3280408002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Dropbox" = Dropbox
"StormAlerts" = StormAlerts
"Tango" = Tango

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 19/09/2012 23:57:19 | Computer Name = PC-Fabien | Source = Application Hang | ID = 1002
Description = Le programme opera.exe version 12.2.1578.0 a cessé d’interagir avec
Windows et a été fermé. Pour déterminer si des informations supplémentaires sont
disponibles, consultez l’historique du problème dans le Centre de maintenance. ID
de processus*: 12c8 Heure de début*: 01cd93a01daa4104 Heure de fin*: 754 Chemin d’accès
de l’application : C:\Program Files (x86)\Opera\opera.exe ID de rapport : 3fa24b68-02d7-11e2-a9cd-001f1693a458


Error - 20/09/2012 00:04:35 | Computer Name = PC-Fabien | Source = Application Hang | ID = 1002
Description = Le programme iexplore.exe version 9.0.8112.16448 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID
de processus*: 2214 Heure de début*: 01cd96e4ef46322d Heure de fin*: 86 Chemin d’accès
de l’application : C:\Program Files (x86)\Internet Explorer\iexplore.exe ID de rapport
:

Error - 20/09/2012 03:37:03 | Computer Name = PC-Fabien | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour «*C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll*». Assembly dépendant Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 20/09/2012 11:39:57 | Computer Name = PC-Fabien | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante SearchProtocolHost.exe, version :
7.0.7600.16808, horodatage : 0x4dc0d14c Nom du module défaillant : ntdll.dll, version
: 6.1.7600.16915, horodatage : 0x4ec4b137 Code d’exception : 0xc0000005 Décalage
d’erreur : 0x000000000009c524 ID du processus défaillant : 0x14f0 Heure de début de
l’application défaillante : 0x01cd97462f40a598 Chemin d’accès de l’application défaillante
: C:\Windows\system32\SearchProtocolHost.exe Chemin d’accès du module défaillant:
C:\Windows\SYSTEM32\ntdll.dll ID de rapport : 6daf09af-0339-11e2-8d54-001f1693a458

Error - 22/09/2012 02:32:02 | Computer Name = PC-Fabien | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante taskmgr.exe, version : 6.1.7600.16385,
horodatage : 0x4a5bc3ee Nom du module défaillant : ntdll.dll, version : 6.1.7600.16915,
horodatage : 0x4ec4b137 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000009c524
ID
du processus défaillant : 0x19a8 Heure de début de l’application défaillante : 0x01cd988bf070422b
Chemin
d’accès de l’application défaillante : C:\Windows\system32\taskmgr.exe Chemin d’accès
du module défaillant: C:\Windows\SYSTEM32\ntdll.dll ID de rapport : 374cdae3-047f-11e2-8c30-001f1693a458

Error - 22/09/2012 02:40:51 | Computer Name = PC-Fabien | Source = Application Hang | ID = 1002
Description = Le programme opera.exe version 12.2.1578.0 a cessé d’interagir avec
Windows et a été fermé. Pour déterminer si des informations supplémentaires sont
disponibles, consultez l’historique du problème dans le Centre de maintenance. ID
de processus*: dc4 Heure de début*: 01cd975e7c2c23ba Heure de fin*: 10630 Chemin d’accès
de l’application : C:\Program Files (x86)\Opera\opera.exe ID de rapport : 5f38869e-0480-11e2-8c30-001f1693a458


Error - 22/09/2012 06:42:18 | Computer Name = PC-Fabien | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour «*C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll*». Assembly dépendant Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 22/09/2012 14:30:53 | Computer Name = PC-Fabien | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante DllHost.exe, version : 6.1.7600.16385,
horodatage : 0x4a5bca54 Nom du module défaillant : ntdll.dll, version : 6.1.7600.16915,
horodatage : 0x4ec4b137 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000009c524
ID
du processus défaillant : 0xb7c Heure de début de l’application défaillante : 0x01cd98f064aa04dd
Chemin
d’accès de l’application défaillante : C:\Windows\system32\DllHost.exe Chemin d’accès
du module défaillant: C:\Windows\SYSTEM32\ntdll.dll ID de rapport : a3b0b1ae-04e3-11e2-ae12-001f1693a458

Error - 24/09/2012 03:48:11 | Computer Name = PC-Fabien | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour «*C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll*». Assembly dépendant Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 24/09/2012 04:07:04 | Computer Name = PC-Fabien | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour «*C:\Program Files
(x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll*». Assembly dépendant Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

[ Media Center Events ]
Error - 23/04/2012 04:03:41 | Computer Name = PC-Fabien | Source = MCUpdate | ID = 0
Description = 01:03:41 - Erreur de connexion à Internet. 01:03:41 - Impossible
de contacter le service..

Error - 23/04/2012 04:07:19 | Computer Name = PC-Fabien | Source = MCUpdate | ID = 0
Description = 01:07:06 - Erreur de connexion à Internet. 01:07:06 - Impossible
de contacter le service..

Error - 04/05/2012 03:13:37 | Computer Name = PC-Fabien | Source = MCUpdate | ID = 0
Description = 00:13:36 - Erreur de connexion à Internet. 00:13:37 - Impossible
de contacter le service..

Error - 04/05/2012 04:09:17 | Computer Name = PC-Fabien | Source = MCUpdate | ID = 0
Description = 00:17:02 - Erreur de connexion à Internet. 00:17:02 - Impossible
de contacter le service..

Error - 04/05/2012 04:20:38 | Computer Name = PC-Fabien | Source = MCUpdate | ID = 0
Description = 01:20:38 - Erreur de connexion à Internet. 01:20:38 - Impossible
de contacter le service..

Error - 04/05/2012 04:24:07 | Computer Name = PC-Fabien | Source = MCUpdate | ID = 0
Description = 01:24:03 - Erreur de connexion à Internet. 01:24:03 - Impossible
de contacter le service..

Error - 21/05/2012 03:14:38 | Computer Name = PC-Fabien | Source = MCUpdate | ID = 0
Description = 00:14:38 - Erreur de connexion à Internet. 00:14:38 - Impossible
de contacter le service..

Error - 21/05/2012 03:18:14 | Computer Name = PC-Fabien | Source = MCUpdate | ID = 0
Description = 00:18:03 - Erreur de connexion à Internet. 00:18:03 - Impossible
de contacter le service..

[ System Events ]
Error - 20/01/2014 14:40:51 | Computer Name = PC-Fabien | Source = Service Control Manager | ID = 7000
Description = Le service Spybot-S&D 2 Scanner Service n’a pas pu démarrer en raison
de l’erreur*: %%1053

Error - 20/01/2014 14:48:26 | Computer Name = PC-Fabien | Source = cdrom | ID = 262159
Description = Le périphérique \Device\CdRom0 n'est pas prêt pour les accès.

Error - 20/01/2014 14:48:26 | Computer Name = PC-Fabien | Source = cdrom | ID = 262159
Description = Le périphérique \Device\CdRom0 n'est pas prêt pour les accès.

Error - 20/01/2014 14:48:26 | Computer Name = PC-Fabien | Source = cdrom | ID = 262159
Description = Le périphérique \Device\CdRom0 n'est pas prêt pour les accès.

Error - 20/01/2014 14:48:26 | Computer Name = PC-Fabien | Source = cdrom | ID = 262159
Description = Le périphérique \Device\CdRom0 n'est pas prêt pour les accès.

Error - 20/01/2014 14:48:26 | Computer Name = PC-Fabien | Source = atapi | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Ide\IdePort1.

Error - 20/01/2014 14:48:26 | Computer Name = PC-Fabien | Source = cdrom | ID = 262159
Description = Le périphérique \Device\CdRom0 n'est pas prêt pour les accès.

Error - 20/01/2014 15:07:28 | Computer Name = PC-Fabien | Source = Service Control Manager | ID = 7000
Description = Le service Kaspersky Anti-Virus Service n’a pas pu démarrer en raison
de l’erreur*: %%14001

Error - 20/01/2014 15:07:41 | Computer Name = PC-Fabien | Source = Service Control Manager | ID = 7023
Description = Le service SeaPort s’est arrêté avec l’erreur*: %%-2147467243

Error - 20/01/2014 15:07:41 | Computer Name = PC-Fabien | Source = Service Control Manager | ID = 7023
Description = Le service Alimentation s’est arrêté avec l’erreur*: %%4203


< End of report >

ken545
2014-01-21, 04:07
Hi,

Malwarebytes removed a lot of things related to bogus toolbars and search engines, conduit for starters, let look a bit deeper. And yes I can feel your frustration on getting this garbage on your system. Anytime in the future you would be better off not doing anything and just posting on the forum so we can see whats going on

Also looking at a bunch of legit windows files that are back ups, not sure what going on there, will have to look into it


Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

fabthiombiano
2014-01-23, 11:02
Hello,

Thank you for your assistance and patience too, I was not really available those couple of days. So here is what happened. I tried to download adwcleaner through your link and it drove me to another software such as smart pc and zip opener. I did uninstall them since it wasnot the program wanted. I ended up downloading form another site. so here is the reports. I have to mention that ads are still running in background sometimes with dcom error too :(
Thank you

# AdwCleaner v3.017 - Rapport créé le 23/01/2014 à 00:52:43
# Mis à jour le 12/01/2014 par Xplode
# Système d'exploitation : Windows 7 Professional Service Pack 1 (64 bits)
# Nom d'utilisateur : user - PC-FABIEN
# Exécuté depuis : C:\Users\user\Desktop\adwcleaner.exe
# Option : Scanner

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Présent C:\Program Files (x86)\smart pc cleaner
Dossier Présent C:\users\user\AppData\Local\genienext
Dossier Présent C:\users\user\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Dossier Présent C:\users\user\Documents\smart pc cleaner
Fichier Présent : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
Fichier Présent : C:\users\user\AppData\Local\mysearchdial-speeddial.crx
Fichier Présent : C:\users\user\AppData\Local\Temp\Uninstall.exe
Fichier Présent : C:\users\user\Desktop\MySearchDial.url

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Présente : HKCU\Software\dsiteproducts
Clé Présente : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Présente : HKCU\Software\InstallCore
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Clé Présente : [x64] HKCU\Software\dsiteproducts
Clé Présente : [x64] HKCU\Software\InstallCore
Clé Présente : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Présente : HKLM\Software\Driver-Soft
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Présente : HKLM\Software\InstallIQ
Clé Présente : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16750

Paramètre Présent : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtAzztA0FtD0BtByEtAyDtN0D0Tzu0SyByDtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutBtBtDtC1C1N&cr=1831462194&ir=
Paramètre Présent : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtAzztA0FtD0BtByEtAyDtN0D0Tzu0SyByDtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutBtBtDtC1C1N&cr=1831462194&ir=
Paramètre Présent : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites0101&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0CtAzztA0FtD0BtByEtAyDtN0D0Tzu0SyByDtAtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutBtBtDtC1C1N&cr=1831462194&ir=

-\\ Google Chrome v32.0.1700.76

[ Fichier : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Trouvée : homepage

*************************

AdwCleaner[R0].txt - [16011 octets] - [10/01/2014 02:39:42]
AdwCleaner[R1].txt - [3791 octets] - [23/01/2014 00:52:43]
AdwCleaner[S0].txt - [15578 octets] - [10/01/2014 02:47:39]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3912 octets] ##########

ken545
2014-01-23, 12:22
Thanks for report, you should not have installed those two bogus programs , thats what this garbage does, it just runs you around in circles. this time we are going to use the clean feature

Double click on AdwCleaner.exe to run the tool again.

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.


Then run this next and post the log also, they may not fit into one reply so take as many replies as you need to fit them all in

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

fabthiombiano
2014-01-25, 12:59
Hello, How are you? Sorry it took me way longer to get back to you. I was stressed looking around for job. Anyway I finally did run the tools and I will post the reports. I have to notify that I still have ads in background sometimes with dcom error with a low frequency now. I thank you again for your support I appreciated!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by user on 25/01/2014 at 2:44:10,07
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9E7E0860-B049-4048-B791-4B82697EBA3B}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\bearshare applications"
Successfully deleted: [Folder] "C:\Program Files (x86)\fighters"
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{0289F629-8081-4A5D-A02D-D7BB2EBD1158}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{0471E01D-9D55-446C-AF64-E40849AA0DBA}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{084166BE-03D3-47A6-94C8-E9CB04248297}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{099E3189-8274-491C-A84E-C9F8445164A6}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{0C784B16-2A25-4211-8173-CA70268A0ADE}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{0DA27135-B24B-44FF-B350-A51DF1017A72}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{0E1939C6-6F45-4458-ABB8-5E8072C92474}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1088B6CA-ABBF-4B1C-8B02-5F4319ACED24}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{117DB13C-41DE-4567-917C-57777EE3ECF8}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{143F2DCF-A1F1-41E0-A4C1-06F8D064CEB6}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{15A7FA52-80DD-42F4-9040-D537B5E24E64}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1902047A-014B-45F3-ABCA-90A8F9331FDF}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{19A23462-04D7-41B5-8B58-BAC85DA7FA5E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1A1A24F3-DDCE-4112-8A76-2099A2A5FFAD}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1B092412-22D2-46C0-A282-BA51841C85C2}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1C63917D-BA19-4929-BA1F-EB7CCBD22E3C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1D17E97C-119B-4748-A4E9-8A6EE69AE8B6}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1DFAE058-8FFD-4149-AB4E-CAD4032DC0DE}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1E3465A5-0360-40DD-8D97-AAD41DF26FCB}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1ED31684-AB59-46AC-BFFD-AE4001F764DD}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1ED70303-91A4-428C-9249-44D3E7EFEB52}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{1F51722F-735B-4131-AA62-2D75F3492C69}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2053850E-FD36-47EB-9006-C25C53BAF4AC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{21BD3E43-4C7F-448D-B672-1094F382016E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{21F81CB4-E32E-4A87-9B4A-61BA0720E27E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{222B7E5A-A80D-43F8-A3E3-7D5DDD1A32B8}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{22D8B4DC-FDF1-4811-8318-972AE3AC00F5}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{250669C1-7068-415A-B63F-38CB72E02250}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{28C98370-0BAC-4BED-86CB-6E263AA8CD12}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2AFAB231-0F37-4348-B0EA-FF25D7AC6369}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2BC37D3B-5C39-47EC-B316-BB5529CA2722}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2FB25123-52FD-4ADF-8737-5587C1BF27B0}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{3150C5F3-1A04-432F-89F4-1404E4363B67}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{324C473B-A68A-4C8C-A535-CBF903807446}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{32EDB33F-C0E3-4320-8829-D99B9092309C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{3322439E-C844-43DC-AD86-D7B391F4DA3D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{345905BB-78C9-458B-9B70-8F31C910BCE5}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{362D5148-8DFB-411F-9721-82646593DBCA}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{36B347F3-A1F0-40B4-8D5E-CA707DC7541A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{376A733A-30D0-492D-B16C-495401551C73}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{38D55E64-FC7F-454F-9E7C-DD7C11E6D668}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{395E34D1-53FF-49BE-AA33-57CDD64C841A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{3ABAB0E0-C7E9-429C-BD0C-C557383B7478}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{3B31C8DB-03D8-47BA-B267-DF5FC70A638E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{3DE1A5B5-FF61-441F-B13E-70F3AE5625A2}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{403037A1-7E17-44D7-BDEC-CB79FE244710}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{40B6BE42-8B78-4AEB-B316-FE3E854F37D4}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{42DBB613-57EF-4866-83DC-2CB484A45508}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{43D97A3E-D4DB-494A-925B-6CDDB5F3D9E0}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4528F0CD-F842-426C-98AF-E63960F717BC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{45A1B662-9180-42CB-BC2F-526D487DD379}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{45C90E65-14E9-4919-A873-D36909286052}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4A083ABB-9710-4569-921A-AC93D0366C7B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4AAB9E65-9CD0-481E-88FE-AEB81B77BAC7}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4B3CD6FE-EDFF-4653-BB41-861B276A0186}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4B737337-3319-4C99-8165-D5081BE65B17}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4BC44031-D519-4A5F-B031-ED7426808515}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4D6771D8-5B5D-4132-B490-7167A2CA5268}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{4F2BCFDE-4D12-47A2-A1BB-1B5474B89BB3}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{50215A9E-AD42-402F-9B5B-63449C61C886}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{51822ED7-7B78-4B95-9C4A-22773B906076}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{51EEF960-685D-4975-B982-02749D7B9C14}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{54F1DEE2-8453-4856-A183-7A554B290D63}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{550F97C7-5312-4C81-9D4B-B3DFDBE47331}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{56D8D864-B763-4E47-9CDC-39FB02F6D17F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{579AAB46-622F-4DDC-B36E-89C69FD6F540}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{58E3EB91-BC47-4674-8F9A-30FA99360F23}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{58E5B843-9F66-477D-9E3F-C2594A5EEAEF}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{5A2A0629-148F-4E07-A80B-7797629AD21C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{5A4069FE-B97A-402E-8491-DC0B7968BBE3}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{5DB171CD-272F-404D-897E-B3E812D8576F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{5F52D0B4-AEDE-4718-AB9C-9A990EDF776E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6053D8F1-7ADC-46DB-ACCB-B0DC5BD4B2ED}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{60AAF63E-6ED5-461D-8E59-41FBE927CC01}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{635098DC-B7F2-4197-8AC1-646C02354FA5}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{64F4FBB0-C9F5-4049-BCB1-34704DB5D506}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{65AFBAE0-DC15-4B76-B123-EAE1C7F1126F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{66427E41-F0CD-40D6-942B-64511B56190B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{66659261-A4C6-4BC6-AE49-93BDA79D59E1}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6777723B-C540-4209-B98E-8219F4BCCEF3}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6872F204-B5FF-42D8-8808-3C142AFAC1DD}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{68F16F39-D156-40B0-9FF3-E224B8090EF4}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{68F522E3-37F6-43D6-BDC3-7C92DF03A6C0}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6B9D34BF-12CD-47E0-812A-9C18E9866497}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6C21BC78-F2DF-4B93-834D-B6BDBE2E24D8}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6C88224C-BFF9-4B90-AF1B-34C4A15156A0}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6CA779F8-90B0-4D68-BD15-712ED750C2A2}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6D46DF0E-3FC4-4B4E-8D8C-EF023803A340}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6DB7E4A9-F72B-4913-B3A8-623ECC8A0E30}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6F28CF17-9F68-453D-9AA7-927B5146F169}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6F6728DE-8E37-4B4F-B306-B173360EBD93}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{6FC62385-5B49-4CE1-B1B1-9DB9A7655F82}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{71FDF0EA-60DA-433D-A05E-AB7A1F70145D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{739E5C9E-5EC0-45C4-B5DC-74967191148E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{74B4CB04-A711-4E8D-847B-F487428D6EA7}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{75D96BAF-144D-462A-B88B-958FC49F6682}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{79FF8235-6EF2-4DAC-942E-80995B7CC038}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7BE7A81D-209F-49FB-B4B4-15DAD042EB9F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7C3665D0-417A-48BF-BAA8-0EACE2014D03}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7CA44474-4985-47E2-9706-429A221F094C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7CE21726-644A-4CF0-A67E-686587287ED4}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7CEA7F62-108E-46B7-8180-FD47E673171F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{7EB8E967-92CC-43E5-9509-34A452A651FC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{805175C4-7D79-4172-A646-155196848D60}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{80C37FB2-7B9B-4DAC-9969-54E57EC96E6E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{81B02E4C-E5E4-4E2B-9AF3-2E11108DEC6C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{82378B47-AC74-46AC-8519-59EB13752423}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{824D70DA-FCDF-4A89-99EB-9408DB6A6325}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{82CC8735-0477-4DFA-9241-690038CD5A15}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{843A8335-809A-403E-A9D6-D2A2378FC35F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{86BB1DDE-BFA3-40D4-87F3-C25FAA5EDD99}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8855490D-C426-49D9-AF7B-5CEF1F2CB331}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{88E6F06F-5CD2-45F5-9EFF-BBE4351B096C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{898681AA-49CB-4AAC-8757-4AF0248A052C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8ACDD399-B632-4DCC-AFCD-2FCCD19CD984}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8AFA3C52-7FC0-4696-823F-EB9FCB1531BC}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8CA35476-5067-4FE9-9BE0-81F9F8518471}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8D54610D-CCAD-4353-8D54-D089A70FED41}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8FD0A779-69C4-4D75-ACD6-4487DDE4D7F4}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{8FDE4F14-2317-4808-961C-15EB40B09C9B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9116FD23-C998-48E6-AB14-46D6BB81C2DD}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{91497F6D-4F76-487B-94E8-63F67579907B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{91AF354E-5C08-488F-BB0B-9681CCC03D6B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9387E4AE-2160-43C3-941A-F469759DEA59}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9B24BE3D-10E1-4009-8259-F8891F6B4979}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9C6DE91A-18BF-559D-3CC8-B2A81C8B4231}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9C9618DB-4F13-499E-9248-E4AA94A65D3B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9CA64A2D-28AD-4E68-AEBD-D59D41AB8224}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9F441349-51DC-4678-B2F7-9DDBC5B44532}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{9F67C59D-2D68-45DD-A078-4099E4E70758}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A11BEB0E-7D28-4095-837B-5687908D3FD2}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A271670C-C9D3-4039-A975-4CDEA2776374}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A4782FCF-9A91-4708-9A3A-366501EC3A55}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A57C9447-E930-44C8-8112-77ECA817DD5A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A5F7D70E-5D9E-4DFD-B6AA-A3434018BA37}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A7266F97-627C-40FC-95F2-FC535FE683A5}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{A78C2066-4B79-4FC6-BFE6-0DD8436B154D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{AA83CA96-9A9A-4DFB-BD99-66EB8811A5ED}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{ADBEA0AB-CA5E-43F7-96C4-F588A4D5DAB0}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{AEB3494F-63CD-4F8B-8A85-85D4678BAF10}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B0FCB3CF-3E79-4111-9E38-EB449ABC66A6}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B22F2DFE-CE9B-494A-B11D-7DED71791AE1}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B3254C0E-49F0-4558-AD87-F11F9EC05DEB}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B50833A6-C21C-415B-8CF7-96553B1A64B1}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{B6A618D2-4B94-49D7-9710-966A14E00C07}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{BC49F009-D48F-4731-8B6E-BC1CF2E4E9D5}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{BC7ADF1A-6597-490D-B915-9CA19960D668}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{BC9D3742-B878-4A47-A801-127294629BCD}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{BEEB7765-344E-4675-BC66-EAE933658C13}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{BF014E26-F462-4710-891E-3D0AAFD582FA}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{BFD69652-F241-4297-8B88-86D79E1D7A02}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C0E05B08-AFC3-4E52-9E05-E559B175D6BA}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C2A8E32C-5BC3-4072-9AF3-66B4F54DC486}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C3D96021-47DB-4102-BFC0-2FD14EBB8856}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C4B2AE57-FAA4-4C58-B7A7-09748BDA5061}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C4C40B4C-D3C1-4DD0-9455-027916650D53}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C4C61FDC-FEF3-4360-BB46-A8C69E6D8768}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C6144B29-398B-4DF8-8C7E-B4D222FE1EC4}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{C737CA5C-C1C0-48E4-9FD0-9EAD116EF085}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{CAB6F6E8-1760-4228-90EF-0C1842448616}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{CB34A177-32A0-4ED7-B6CD-3E911465AA38}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{CB47D1D9-FF8E-4A23-8B65-450F3BBEE939}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{CB96A57C-EF4D-48DC-A90A-62578B74CB17}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{CDE0D7A6-F890-44C5-93E0-5D8E67965911}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D040877C-E150-4459-A39A-9060405FC0B9}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D0DA67A3-311F-4B61-AC70-9A267354FFCF}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D2A257E0-7CF2-4EE8-81AE-0D0773D66FBA}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D2C5C294-4B19-4F16-B097-F98D9A6F0FEE}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D38A84C3-1F31-4C00-B675-B3332FACA8D6}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D42755F3-F5C4-4B98-833F-6639A4E70E98}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D6D93B00-45C4-4AD5-9EF2-E79517E515F4}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{D932792F-EB97-419C-9864-9D1B91A04AB0}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{DA4D7524-0375-4C35-A4BA-203F35C66482}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{DA8CD1AC-849F-4221-BEC9-9B4AC9B31C1F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{DBE872AE-2F77-457D-9FA0-6AA948774DD1}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{DE334C05-E522-4F01-8281-E39327F78292}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{DE735D47-ECBB-49E9-BCED-D9B858CD94E4}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{DF46E513-5AE0-4DDE-80A7-FE23B326AD2B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E0955F09-7C79-4C62-8A7E-CE743353A2E7}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E133B49F-4E03-491D-9315-947F9E6BC610}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E79DE41E-CFB5-4B13-9D02-691882C92E84}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E7F641E7-7B5D-42F2-8DC8-D411C3356B40}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E82E39A1-5609-47FC-81F8-A8A6ABE766D4}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E8AA4E0F-043D-44E5-8040-2F66F6E5DFF1}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E9760187-5851-462D-9B4E-062AF3647D86}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{E9B7016F-3DF3-4B3D-8D21-CB2CC2988189}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EA542818-317C-4B5F-8BD4-C87FB1D6680D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EB495969-38E5-4C4E-A876-43BAD3F0BE86}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EBD52353-05FD-497B-BF47-4E22D993463F}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EC769A3C-73E1-4CEF-B1E2-437A4F54E271}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EC9BC3C1-80D2-4A19-9C5F-4EA3AA20EF92}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{ED2AB7FD-7CEF-4D1D-8DB5-91596C1B426E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EE8B0DB1-B204-43C9-82CC-6618252965A7}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F14648A3-8FA8-4457-892D-97C5D843DE86}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F15E6CE3-DF55-4B3D-9401-2098F407EC55}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F3FBD4D0-FB22-4ED4-8899-CE1578A9F33B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F46E4830-2669-4989-A8D3-AF0FAC4477AE}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F4F55CB2-C236-44C1-99DE-AC25DE63F288}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F5705705-8347-4EB9-B030-7F6114C156B6}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F5AD411D-84DA-421E-AFAD-B17BEAFEC0D5}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F72B40ED-2E59-466F-96C2-41EB11CACB4D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F7BD7D68-69E6-41C9-82E7-DAF8A9DB364C}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F805ED33-5DE3-44CB-93F2-86A1A50C253E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F85CD2F9-9B77-49FD-ACEC-607A80DECFB7}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{F9341C0F-0555-4C0C-AC27-809ACCCDDEB2}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FB387980-6069-42A0-833D-23E6981C547D}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FC2ECEAA-C1C4-42B1-99F0-922730607D41}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FC88B939-A12E-4777-BB4A-95973612823A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FC914F1A-95F1-4AA3-821B-9AFFB710F9B8}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FCA80CE7-CB85-459F-B649-0B8A06658F6A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FD2E7875-4D43-4BE0-8FBF-2933E732150B}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FD3F8C09-3F8F-45D8-B513-044816E33D16}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FEB72894-242B-4428-8E34-95A339562A3A}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FF266733-4958-4EDC-95D0-0D07A8A5CA02}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FF663255-57DF-4DA9-A4FB-0932EE50390E}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{FFD136B6-5D93-4130-9860-A19D70025E32}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/01/2014 at 2:53:02,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

fabthiombiano
2014-01-25, 13:02
# AdwCleaner v3.017 - Rapport créé le 25/01/2014 à 02:23:38
# Mis à jour le 12/01/2014 par Xplode
# Système d'exploitation : Windows 7 Professional Service Pack 1 (64 bits)
# Nom d'utilisateur : user - PC-FABIEN
# Exécuté depuis : C:\Users\user\Desktop\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Program Files (x86)\smart pc cleaner
Dossier Supprimé : C:\users\user\AppData\Local\genienext
Dossier Supprimé : C:\users\user\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Dossier Supprimé : C:\users\user\Documents\smart pc cleaner
Fichier Supprimé : C:\users\user\AppData\Local\mysearchdial-speeddial.crx
Fichier Supprimé : C:\users\user\AppData\Local\Temp\Uninstall.exe
Fichier Supprimé : C:\users\user\Desktop\MySearchDial.url
Fichier Supprimé : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Supprimée : HKCU\Software\dsiteproducts
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKLM\Software\Driver-Soft
Clé Supprimée : HKLM\Software\InstallIQ
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages

***** [ Navigateurs ] *****

-\\ Internet Explorer v10.0.9200.16750

Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v32.0.1700.76

[ Fichier : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : homepage

*************************

AdwCleaner[R0].txt - [16011 octets] - [10/01/2014 02:39:42]
AdwCleaner[R1].txt - [4016 octets] - [23/01/2014 00:52:43]
AdwCleaner[R2].txt - [3622 octets] - [25/01/2014 02:20:21]
AdwCleaner[S0].txt - [15578 octets] - [10/01/2014 02:47:39]
AdwCleaner[S1].txt - [2793 octets] - [25/01/2014 02:23:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2853 octets] ##########

ken545
2014-01-25, 13:28
Hi,

I am assuming that AdwCleaner removed those entries , sorry I dont speak French


Go ahead and run a new scan with OTL and post the log please

fabthiombiano
2014-01-28, 08:56
Hello, how are you? So far the computer is doing better those days, don't have frequent dcom error like before. However, the ads are gone which I am so glad thank you so much :) Now I hope we fix the dcom error now :)

OTL logfile created on: 27/01/2014 22:34:08 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,99 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 54,01% Memory free
7,99 Gb Paging File | 5,66 Gb Available in Paging File | 70,84% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 22,45 Gb Free Space | 7,53% Space Free | Partition Type: NTFS
Drive D: | 2,46 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PC-FABIEN | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\user\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SpyHunter 4 Service) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (mcdbus) -- C:\Windows\SysWOW64\drivers\mcdbus.sys (MagicISO, Inc.)


========== Standard Registry (SafeList) ==========

fabthiombiano
2014-01-28, 08:56
========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 84 D0 10 F2 6C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2013/01/19 03:27:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2013/01/19 03:27:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2013/01/19 03:27:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/10/13 09:25:48 | 000,000,000 | ---D | M]

[2012/02/10 20:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012/02/10 20:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/09/05 20:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions
[2012/09/05 20:06:15 | 000,000,000 | ---D | M] (uTorrentBar_FR) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}

========== Chrome ==========

CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com
CHR - Extension: Analyse des liens (URL Advisor) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Analyse des liens (URL Advisor) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_1\
CHR - Extension: Clavier virtuel = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Clavier virtuel = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_1\
CHR - Extension: Skype Click to Call = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Skype Click to Call = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_1\
CHR - Extension: Anti-Banner = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Anti-Banner = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
CHR - Extension: Anti-Banner = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_1\

O1 HOSTS File: ([2014/01/10 02:28:28 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE_x64.dll ()
O9:64bit: - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE_x64.dll ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll ()
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files (x86)\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A727C2-F9BD-49EE-9C21-A4966D502B5F}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/03/21 20:24:08 | 000,000,175 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/25 02:43:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/25 02:36:06 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\user\Desktop\JRT.exe
[2014/01/23 00:13:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DigitalSites
[2014/01/23 00:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/01/22 23:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2014/01/20 11:20:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/01/20 10:28:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2014/01/20 10:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/20 10:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/20 10:28:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/20 10:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/20 10:26:56 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.75.0.1300.exe
[2014/01/19 17:30:46 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Ebay
[2014/01/18 12:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/01/18 12:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/01/10 23:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2014/01/10 23:03:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\WinZip
[2014/01/10 23:01:24 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2014/01/10 23:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2014/01/10 21:34:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2014/01/10 21:18:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2014/01/10 21:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/01/10 21:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/01/10 21:14:36 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\user\Desktop\erunt-setup.exe
[2014/01/10 12:25:32 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\usbank
[2014/01/10 02:59:12 | 001,057,016 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\user\Desktop\iExplore64.exe
[2014/01/10 02:58:57 | 001,933,048 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\user\Desktop\iExplore.exe
[2014/01/10 02:39:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/10 01:40:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Weather_Warnings_LLC
[2014/01/10 01:38:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\StormAlerts
[2014/01/10 01:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/01/10 01:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/01/10 01:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/01/10 01:35:06 | 000,923,784 | ---- | C] (CNET Download.com) -- C:\Users\user\Desktop\cbsidlm-cbsi145-HitmanPro_3_64bit-SEO-75110395.exe
[2014/01/10 01:23:19 | 000,079,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys.bak
[2014/01/10 01:23:17 | 000,016,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wmilib.sys.bak
[2014/01/10 01:23:16 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\winhv.sys.bak
[2014/01/10 01:23:15 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys.bak
[2014/01/10 01:23:12 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys.bak
[2014/01/10 01:23:04 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\videoprt.sys.bak
[2014/01/10 01:23:02 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbrpm.sys.bak
[2014/01/10 01:23:01 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys.bak
[2014/01/10 01:22:56 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys.bak
[2014/01/10 01:22:54 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys.bak
[2014/01/10 01:22:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys.bak
[2014/01/10 01:22:49 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys.bak
[2014/01/10 01:22:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys.bak
[2014/01/10 01:22:44 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tape.sys.bak
[2014/01/10 01:22:39 | 000,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys.bak
[2014/01/10 01:22:37 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys.bak
[2014/01/10 01:22:36 | 000,024,656 | ---- | C] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys.bak
[2014/01/10 01:22:30 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spsys.sys.bak
[2014/01/10 01:22:30 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\smclib.sys.bak
[2014/01/10 01:22:16 | 000,171,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scsiport.sys.bak
[2014/01/10 01:22:04 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rootmdm.sys.bak
[2014/01/10 01:22:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys.bak
[2014/01/10 01:21:58 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys.bak
[2014/01/10 01:21:28 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys.bak
[2014/01/10 01:21:20 | 000,048,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pciidex.sys.bak
[2014/01/10 01:21:18 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys.bak
[2014/01/10 01:20:50 | 000,194,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys.bak
[2014/01/10 01:20:46 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys.bak
[2014/01/10 01:20:46 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys.bak
[2014/01/10 01:20:28 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys.bak
[2014/01/10 01:20:28 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mcd.sys.bak
[2014/01/10 01:20:24 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/10 01:20:17 | 000,022,544 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys.bak
[2014/01/10 01:20:16 | 000,029,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys.bak
[2014/01/10 01:20:15 | 000,637,272 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys.bak
[2014/01/10 01:20:14 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys.bak
[2014/01/10 01:20:14 | 000,011,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl2.sys.bak
[2014/01/10 01:20:10 | 000,270,848 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\k57nd60a.sys.bak
[2014/01/10 01:20:03 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\irda.sys.bak
[2014/01/10 01:19:52 | 000,078,720 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys.bak
[2014/01/10 01:19:52 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys.bak
[2014/01/10 01:19:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys.bak
[2014/01/10 01:19:48 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/10 01:19:46 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS.bak
[2014/01/10 01:19:46 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys.bak
[2014/01/10 01:19:45 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys.bak
[2014/01/10 01:19:38 | 003,286,016 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys.bak
[2014/01/10 01:19:36 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys.bak
[2014/01/10 01:19:32 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxg.sys.bak
[2014/01/10 01:19:30 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxapi.sys.bak
[2014/01/10 01:19:29 | 000,055,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys.bak
[2014/01/10 01:19:29 | 000,028,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Dumpata.sys.bak
[2014/01/10 01:19:28 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys.bak
[2014/01/10 01:19:27 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys.bak
[2014/01/10 01:19:25 | 000,039,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys.bak
[2014/01/10 01:19:21 | 000,179,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys.bak
[2014/01/10 01:19:18 | 000,468,480 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys.bak
[2014/01/10 01:19:09 | 000,028,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys.bak
[2014/01/10 01:19:07 | 000,270,848 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys.bak
[2014/01/10 01:19:04 | 001,542,656 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys.bak
[2014/01/10 01:19:04 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys.bak
[2014/01/10 01:19:01 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014/01/10 01:19:01 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys.bak
[2014/01/10 01:19:01 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys.bak
[2014/01/10 01:18:53 | 001,146,880 | ---- | C] (LSI Corp) -- C:\Windows\SysNative\drivers\agrsm64.sys.bak
[2014/01/10 01:18:35 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394bus.sys.bak
[2014/01/10 01:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/01/10 01:08:04 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/01/10 01:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014/01/10 01:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/01/10 01:07:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Programs
[2014/01/10 01:03:51 | 040,658,208 | ---- | C] (Safer-Networking Ltd. ) -- C:\Users\user\Desktop\spybot-search-destroy_2-2-03-01-2014_en_10965.exe
[2014/01/09 19:16:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/01/09 19:14:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/09 18:57:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/09 18:57:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/09 18:57:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/09 18:57:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014/01/09 18:53:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/09 18:50:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/09 18:40:14 | 005,162,489 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2014/01/09 12:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine
[2014/01/09 03:24:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2014/01/09 03:18:17 | 000,000,000 | ---D | C] -- C:\Users\user\.android
[2014/01/09 03:18:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\cache
[2014/01/09 03:14:14 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\tdsskiller-2-8-14-0
[2014/01/07 19:47:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\{$1284-9213-2940-1289$}
[2014/01/04 22:18:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\CKFYW
[2014/01/03 20:29:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Pylaf
[2014/01/03 20:29:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Nuruy
[2014/01/03 20:29:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ixixer
[2014/01/03 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Yrfiwe
[2014/01/03 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ubucub
[2014/01/03 19:58:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Odyh
[2014/01/03 13:06:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Rymaic
[2014/01/03 13:06:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Obytde
[2014/01/03 13:06:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Deagep
[2014/01/03 11:37:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\bbtmp0
[2014/01/03 02:36:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\REGVIEW
[2012/05/02 23:05:14 | 003,486,088 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe
[2012/05/02 23:05:13 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files (x86)\Common Files\ApnStub.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/27 22:13:00 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job
[2014/01/27 22:12:24 | 000,000,081 | ---- | M] () -- C:\Windows\SysNative\brdf.exs
[2014/01/27 22:10:18 | 000,025,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/27 22:10:17 | 000,025,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/27 22:02:43 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/27 22:02:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/27 22:02:09 | 3217,162,240 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/27 19:51:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/27 19:00:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/27 18:09:18 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3252227759-3323120220-3280408002-1000UA.job
[2014/01/27 11:56:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3252227759-3323120220-3280408002-1000Core.job
[2014/01/27 11:11:25 | 000,000,143 | ---- | M] () -- C:\Users\user\AppData\Roaming\WB.CFG
[2014/01/27 11:11:25 | 000,000,005 | ---- | M] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT
[2014/01/25 12:59:34 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/25 12:28:00 | 002,725,105 | ---- | M] () -- C:\Users\user\Desktop\CAM00182.jpg
[2014/01/25 02:36:25 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\user\Desktop\JRT.exe
[2014/01/23 20:39:44 | 000,100,304 | ---- | M] () -- C:\Users\user\Desktop\Cover Letter.pdf
[2014/01/23 00:52:15 | 001,236,282 | ---- | M] () -- C:\Users\user\Desktop\adwcleaner.exe
[2014/01/23 00:41:49 | 000,000,390 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/01/20 11:20:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/01/20 10:28:33 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/20 10:27:07 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\user\Desktop\mbam-setup-1.75.0.1300.exe
[2014/01/19 03:08:13 | 000,002,291 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/18 16:08:01 | 000,001,061 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/01/18 16:07:06 | 000,001,027 | ---- | M] () -- C:\Users\user\Desktop\Dropbox.lnk
[2014/01/18 12:57:25 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/18 12:35:53 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/18 12:35:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/15 17:46:10 | 000,106,942 | ---- | M] () -- C:\Users\user\Desktop\Thiombiano Fabien.pdf
[2014/01/10 23:05:45 | 000,002,251 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/01/10 21:43:47 | 000,002,474 | ---- | M] () -- C:\Users\user\Desktop\attach.zip
[2014/01/10 21:34:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2014/01/10 21:18:23 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2014/01/10 21:16:25 | 000,001,118 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/10 21:16:21 | 000,000,938 | ---- | M] () -- C:\Users\user\Desktop\NTREGOPT.lnk
[2014/01/10 21:16:20 | 000,000,919 | ---- | M] () -- C:\Users\user\Desktop\ERUNT.lnk
[2014/01/10 21:15:47 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\user\Desktop\erunt-setup.exe
[2014/01/10 12:33:06 | 000,000,000 | --S- | M] () -- C:\Windows\SysNative\xftaebx.sep
[2014/01/10 02:59:12 | 001,057,016 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\user\Desktop\iExplore64.exe
[2014/01/10 02:59:05 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\user\Desktop\iExplore.exe
[2014/01/10 02:28:28 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/01/10 01:37:47 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/01/10 01:35:09 | 000,923,784 | ---- | M] (CNET Download.com) -- C:\Users\user\Desktop\cbsidlm-cbsi145-HitmanPro_3_64bit-SEO-75110395.exe
[2014/01/10 01:23:19 | 000,079,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\xusb21.sys.bak
[2014/01/10 01:23:18 | 000,016,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wmilib.sys.bak
[2014/01/10 01:23:16 | 000,052,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\winhv.sys.bak
[2014/01/10 01:23:15 | 000,054,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys.bak
[2014/01/10 01:23:13 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\watchdog.sys.bak
[2014/01/10 01:23:04 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\videoprt.sys.bak
[2014/01/10 01:23:02 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbrpm.sys.bak
[2014/01/10 01:23:01 | 000,325,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys.bak
[2014/01/10 01:22:56 | 000,007,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys.bak
[2014/01/10 01:22:54 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBCAMD2.sys.bak
[2014/01/10 01:22:53 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys.bak
[2014/01/10 01:22:51 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys.bak
[2014/01/10 01:22:47 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tdi.sys.bak
[2014/01/10 01:22:44 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tape.sys.bak
[2014/01/10 01:22:39 | 000,068,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\stream.sys.bak
[2014/01/10 01:22:38 | 000,189,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys.bak
[2014/01/10 01:22:37 | 000,024,656 | ---- | M] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys.bak
[2014/01/10 01:22:31 | 000,426,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spsys.sys.bak
[2014/01/10 01:22:30 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\smclib.sys.bak
[2014/01/10 01:22:17 | 000,171,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scsiport.sys.bak
[2014/01/10 01:22:08 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rootmdm.sys.bak
[2014/01/10 01:22:02 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys.bak
[2014/01/10 01:21:59 | 000,146,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys.bak
[2014/01/10 01:21:29 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys.bak
[2014/01/10 01:21:21 | 000,048,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pciidex.sys.bak
[2014/01/10 01:21:18 | 000,025,600 | ---- | M] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys.bak
[2014/01/10 01:20:53 | 000,194,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys.bak
[2014/01/10 01:20:46 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys.bak
[2014/01/10 01:20:46 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys.bak
[2014/01/10 01:20:29 | 000,255,552 | ---- | M] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys.bak
[2014/01/10 01:20:28 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mcd.sys.bak
[2014/01/10 01:20:25 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys.bak
[2014/01/10 01:20:20 | 000,022,544 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys.bak
[2014/01/10 01:20:17 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klim6.sys.bak
[2014/01/10 01:20:16 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys.bak
[2014/01/10 01:20:14 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys.bak
[2014/01/10 01:20:14 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl2.sys.bak
[2014/01/10 01:20:13 | 000,270,848 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\k57nd60a.sys.bak
[2014/01/10 01:20:04 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\irda.sys.bak
[2014/01/10 01:19:53 | 000,078,720 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys.bak
[2014/01/10 01:19:52 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys.bak
[2014/01/10 01:19:52 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys.bak
[2014/01/10 01:19:48 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys.bak
[2014/01/10 01:19:47 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS.bak
[2014/01/10 01:19:46 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys.bak
[2014/01/10 01:19:45 | 000,048,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys.bak
[2014/01/10 01:19:39 | 003,286,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys.bak
[2014/01/10 01:19:37 | 000,265,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys.bak
[2014/01/10 01:19:35 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxg.sys.bak
[2014/01/10 01:19:30 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxapi.sys.bak
[2014/01/10 01:19:29 | 000,055,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys.bak
[2014/01/10 01:19:29 | 000,028,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Dumpata.sys.bak
[2014/01/10 01:19:28 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys.bak
[2014/01/10 01:19:27 | 000,027,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys.bak
[2014/01/10 01:19:25 | 000,039,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys.bak
[2014/01/10 01:19:21 | 000,179,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys.bak
[2014/01/10 01:19:19 | 000,468,480 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys.bak
[2014/01/10 01:19:09 | 000,270,848 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys.bak
[2014/01/10 01:19:09 | 000,028,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys.bak
[2014/01/10 01:19:07 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys.bak
[2014/01/10 01:19:04 | 000,155,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys.bak
[2014/01/10 01:19:02 | 000,027,008 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys.bak
[2014/01/10 01:19:01 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys.bak
[2014/01/10 01:19:01 | 000,107,904 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys.bak
[2014/01/10 01:18:54 | 001,146,880 | ---- | M] (LSI Corp) -- C:\Windows\SysNative\drivers\agrsm64.sys.bak
[2014/01/10 01:18:48 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394bus.sys.bak
[2014/01/10 01:15:33 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\Continue BearShare installation.lnk
[2014/01/10 01:08:40 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/01/10 01:08:40 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/01/10 01:08:40 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/01/10 01:08:16 | 000,001,393 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/01/10 01:07:13 | 040,658,208 | ---- | M] (Safer-Networking Ltd. ) -- C:\Users\user\Desktop\spybot-search-destroy_2-2-03-01-2014_en_10965.exe
[2014/01/10 00:42:17 | 000,000,000 | ---- | M] () -- C:\Users\user\Desktop\spybotsd-2.1.21-SR2.exe
[2014/01/09 18:40:42 | 005,162,489 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2014/01/09 03:13:32 | 002,195,988 | ---- | M] () -- C:\Users\user\Desktop\tdsskiller-2-8-14-0.zip
[2014/01/08 17:59:50 | 000,037,376 | ---- | M] () -- C:\Windows\SysNative\knose.gpc
[2014/01/08 17:59:50 | 000,000,097 | ---- | M] () -- C:\Windows\SysNative\wbjmw.qev
[2014/01/08 17:39:02 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\owubvq.deb
[2014/01/08 16:56:16 | 000,219,314 | --S- | M] () -- C:\Windows\SysNative\dypn.njz
[2014/01/08 00:17:36 | 000,100,805 | ---- | M] () -- C:\Users\user\Desktop\Thiombiano Fabien Cover Letter.pdf
[2014/01/04 18:22:13 | 000,100,261 | ---- | M] () -- C:\Users\user\Desktop\Fabien Thiombiano Cover Letter.pdf
[2014/01/04 17:56:48 | 000,000,000 | RH-- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2014/01/01 19:24:05 | 000,097,372 | ---- | M] () -- C:\Users\user\Documents\Fabien_Thiombiano_Resume.pdf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/25 12:49:03 | 002,725,105 | ---- | C] () -- C:\Users\user\Desktop\CAM00182.jpg
[2014/01/23 20:39:43 | 000,100,304 | ---- | C] () -- C:\Users\user\Desktop\Cover Letter.pdf
[2014/01/23 00:52:09 | 001,236,282 | ---- | C] () -- C:\Users\user\Desktop\adwcleaner.exe
[2014/01/23 00:13:37 | 000,000,005 | ---- | C] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT
[2014/01/23 00:13:35 | 000,000,143 | ---- | C] () -- C:\Users\user\AppData\Roaming\WB.CFG
[2014/01/23 00:13:27 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\Digital Sites.job
[2014/01/20 10:28:33 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/18 12:37:11 | 000,002,291 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/18 12:37:10 | 000,002,191 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/18 12:36:53 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/18 12:36:52 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/15 17:38:23 | 000,106,942 | ---- | C] () -- C:\Users\user\Desktop\Thiombiano Fabien.pdf
[2014/01/10 23:05:44 | 000,002,251 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/01/10 21:43:46 | 000,002,474 | ---- | C] () -- C:\Users\user\Desktop\attach.zip
[2014/01/10 21:16:25 | 000,001,118 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/01/10 21:16:21 | 000,000,938 | ---- | C] () -- C:\Users\user\Desktop\NTREGOPT.lnk
[2014/01/10 21:16:20 | 000,000,919 | ---- | C] () -- C:\Users\user\Desktop\ERUNT.lnk
[2014/01/10 12:33:06 | 000,000,000 | --S- | C] () -- C:\Windows\SysNative\xftaebx.sep
[2014/01/10 02:23:45 | 000,000,390 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/01/10 01:37:47 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2014/01/10 01:15:33 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\Continue BearShare installation.lnk
[2014/01/10 01:08:40 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/01/10 01:08:40 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/01/10 01:08:40 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/01/10 01:08:16 | 000,001,405 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/01/10 01:08:16 | 000,001,393 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/01/10 00:40:42 | 000,000,000 | ---- | C] () -- C:\Users\user\Desktop\spybotsd-2.1.21-SR2.exe
[2014/01/09 18:57:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/09 18:57:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/09 18:57:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/09 18:57:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/09 18:57:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/09 03:13:08 | 002,195,988 | ---- | C] () -- C:\Users\user\Desktop\tdsskiller-2-8-14-0.zip
[2014/01/08 17:59:50 | 000,037,376 | ---- | C] () -- C:\Windows\SysNative\knose.gpc
[2014/01/08 17:49:40 | 000,000,081 | ---- | C] () -- C:\Windows\SysNative\brdf.exs
[2014/01/08 17:39:02 | 000,000,097 | ---- | C] () -- C:\Windows\SysNative\wbjmw.qev
[2014/01/08 17:39:02 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\owubvq.deb
[2014/01/08 16:56:16 | 000,219,314 | --S- | C] () -- C:\Windows\SysNative\dypn.njz
[2014/01/07 16:43:36 | 000,100,805 | ---- | C] () -- C:\Users\user\Desktop\Thiombiano Fabien Cover Letter.pdf
[2014/01/04 18:13:19 | 000,100,261 | ---- | C] () -- C:\Users\user\Desktop\Fabien Thiombiano Cover Letter.pdf
[2014/01/01 19:24:04 | 000,097,372 | ---- | C] () -- C:\Users\user\Documents\Fabien_Thiombiano_Resume.pdf
[2012/08/18 21:52:45 | 000,026,624 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/02 23:05:15 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2012/04/29 19:00:02 | 000,854,171 | ---- | C] () -- C:\Users\user\29122011286.jpg
[2012/01/19 19:08:24 | 000,017,408 | ---- | C] () -- C:\Users\user\AppData\Local\WebpageIcons.db
[2012/01/18 12:23:33 | 000,007,598 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/17 10:34:53 | 000,000,000 | -HSD | M] -- C:\Users\user\AppData\Roaming\5B2435
[2012/07/25 00:28:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2014/01/03 13:07:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Deagep
[2014/01/23 00:13:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DigitalSites
[2014/01/27 22:11:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2014/01/03 20:30:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ixixer
[2013/12/10 18:31:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MultiBit
[2013/12/09 15:32:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\NetBeans
[2012/08/18 21:52:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia
[2012/08/29 18:59:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Notepad++
[2012/05/02 20:10:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nuclear Coffee
[2014/01/03 20:29:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nuruy
[2014/01/03 13:06:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Obytde
[2014/01/03 19:58:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Odyh
[2012/07/01 14:05:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
[2012/02/19 04:56:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
[2014/01/03 20:29:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Pylaf
[2014/01/03 13:06:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Rymaic
[2014/01/03 19:59:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ubucub
[2014/01/09 01:55:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2012/08/11 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\VDownloader
[2014/01/03 19:58:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Yrfiwe

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\Users\user\Desktop\CAM00182.jpg:com.dropbox.attributes

< End of report >

ken545
2014-01-28, 10:47
Hello,

Kaspersky Internet Security 2012 <-- This is out of date, you need to update it to the latest version.


We need to update your Java to keep you more secure

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 45, if not proceed with the instructions.

Go to the update Tab and update it
Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )

Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.


You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)




Open Chrome
Click the Chrome menu http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpgon the browser toolbar.
Click on Settings
Then Manage Search Engines
Highlight MySearchDial and select Delete



As far as the DCOM error, it looks like its windows related so what I would lik you to do is post at this site, we all work together. Like Safer is free but you will need to register

www.whatthetech.com


After your registered than post in there windows forum, you can tell them you posted here and we cleaned your computer from Malware, the windows people will be able to help you with that error

Post here
http://forums.whatthetech.com/index.php?showforum=119


Post back when your done over at whatthetech and let me know if they where able to help you

Ken :)