TechSpot

Possible Virus

By Fireryash
Dec 1, 2015
  1. Computer has been freaking out lately. Couldn't go on certain web pages at first, then I could but it took 5 minutes to load one page, and now my browser keeps closing and opening on its own. I did scans, nothing turned up on them, so I turned to this instead. Hope you can help.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
    Ran by Stéphane (administrator) on POPSY (01-12-2015 00:00:57)
    Running from C:\Users\Stéphane\Downloads
    Loaded Profiles: Stéphane (Available Profiles: Stéphane & Administrator)
    Platform: Windows 8.1 (X64) Language: Anglais (États-Unis)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
    (McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
    (McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
    (McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
    (Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
    () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
    (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
    (Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\WINDOWS\System32\WWAHost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
    HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
    HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-31] (Qualcomm®Atheros®)
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\Run: [Dropbox Update] => "C:\Users\Stéphane\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\Run: [Birds] => C:\Users\Stéphane\AppData\Local\Birds\birds365.exe
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
    Startup: C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-09]
    ShortcutTarget: Dropbox.lnk -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
    Startup: C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk.disabled [2014-07-09]
    ShortcutTarget: OpenOffice.org 3.1.lnk.disabled -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
    Startup: C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-11-28]
    ShortcutTarget: SmartWeb.lnk -> C:\Users\Stéphane\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
    CHR HKU\S-1-5-21-2305276200-880437817-2703856125-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{3A65BCD6-CC51-4BE8-8E69-0A8595F1340A}: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{7240100B-9783-4000-9EBE-35DA510ECDC7}: [DhcpNameServer] 192.168.2.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\Software\Microsoft\Internet Explorer\Main,DisableRequiresActiveXPrompt = www.moviestarplanet.ca
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
    SearchScopes: HKU\S-1-5-21-2305276200-880437817-2703856125-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_popjar_15_48_ssg06&cd=2XzuyEtN2Y1L1QzuzytDyEzzzy0Azz0B0ByC0EzytAtC0DzytN0D0Tzu0StCyEtByBtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCzzzyyD0DtDtAtGyD0ByD0EtGyE0EtB0BtGtDzz0B0DtGzzyB0BzyyBtAyB0Fzz0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyDtAyByBtCtC0FtGzz0FyB0AtGyEzztDzytG0A0E0FtAtGyEzy0FyBzzyB0B0F0ByByCzz2QtN0A0LzuyE&cr=1126545279&ir=
    SearchScopes: HKU\S-1-5-21-2305276200-880437817-2703856125-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325281&octid=EB_ORIGINAL_CTID&ISID=IFD73A98B-0D91-4F1C-9BE9-CC2BCB9A60C7&SearchSource=58&CUI=&UM=8&UP=SPF00348D6-0D21-4E26-9BB1-636B8C8B028E&D=112815&q={searchTerms}&SSPV=
    SearchScopes: HKU\S-1-5-21-2305276200-880437817-2703856125-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
    SearchScopes: HKU\S-1-5-21-2305276200-880437817-2703856125-1001 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2305276200-880437817-2703856125-1001 -> {66257AB4-CB2A-4DAB-9E04-7BB72463D9EB} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dstndrm_15_11&cd=2XzuyEtN2Y1L1QzuzytDyEzzzy0Azz0B0ByC0EzytAtC0DzytN0D0Tzu0StCtCyCyEtN1L2XzutAtFzztFtAtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0AtD0A0E0DtCtG0BtC0A0EtG0BtC0B0FtGtAyC0B0AtGyEyEtCyDzy0A0F0F0AtD0A0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyDtAyByBtCtC0FtGzz0FyB0AtGyEzztDzytG0A0E0FtAtGyEzy0FyBzzyB0B0F0ByByCzz2QtN1B2Z1V1T1S1NzuyDzztA&cr=1349387303&ir=
    SearchScopes: HKU\S-1-5-21-2305276200-880437817-2703856125-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_popjar_15_48_ssg06&cd=2XzuyEtN2Y1L1QzuzytDyEzzzy0Azz0B0ByC0EzytAtC0DzytN0D0Tzu0StCyEtByBtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCzzzyyD0DtDtAtGyD0ByD0EtGyE0EtB0BtGtDzz0B0DtGzzyB0BzyyBtAyB0Fzz0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyDtAyByBtCtC0FtGzz0FyB0AtGyEzztDzytG0A0E0FtAtGyEzy0FyBzzyB0B0F0ByByCzz2QtN0A0LzuyE&cr=1126545279&ir=
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-31] (Qualcomm®Atheros®)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
    Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-04-07] (McAfee, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\ne3tnxqz.Meow
    FF Homepage: hxxps://www.google.ca/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwj5vY_Y6rnJAhWD6x4KHScdBNQQFggcMAA&url=https%3A%2F%2Fwww.google.fr%2F&usg=AFQjCNGdHlVoNRlBX2ykwfj-cD_jxplLog
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-30] ()
    FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
    FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
    FF Plugin HKU\S-1-5-21-2305276200-880437817-2703856125-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Stéphane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
    FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-29] [not signed]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-29]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-29]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S4 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-31] (Windows (R) Win 7 DDK provider) [File not signed]
    R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
    R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
    S4 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.)
    S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [149496 2014-01-15] (Dell Inc.)
    R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
    S4 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-01-17] ()
    S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
    S4 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [157928 2015-11-13] (McAfee, Inc.)
    R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
    S4 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
    R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S4 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
    R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S4 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S4 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
    S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S4 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S4 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
    R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
    S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
    S4 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
    S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
    S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2005392 2015-02-12] (SoftThinks SAS)
    S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
    S4 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
    S4 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-08] (Qualcomm Atheros Communications, Inc.)
    R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-07-30] (Qualcomm Atheros)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-06-20] (Microsoft Corporation)
    R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
    R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
    R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
    S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
    R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
    S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
    S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-13] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-01 00:00 - 2015-12-01 00:01 - 00019172 _____ C:\Users\Stéphane\Downloads\FRST.txt
    2015-12-01 00:00 - 2015-12-01 00:00 - 02350080 _____ (Farbar) C:\Users\Stéphane\Downloads\FRST64.exe
    2015-12-01 00:00 - 2015-12-01 00:00 - 00000000 ____D C:\FRST
    2015-11-30 23:59 - 2015-11-30 23:59 - 01721344 _____ (Farbar) C:\Users\Stéphane\Downloads\FRST.exe
    2015-11-30 22:44 - 2015-11-30 22:44 - 00000000 ___RD C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2015-11-30 13:35 - 2015-11-30 13:36 - 00000629 _____ C:\Users\Stéphane\Desktop\Se7en.txt
    2015-11-30 12:09 - 2015-11-30 12:09 - 00000000 ____D C:\Users\Stéphane\Desktop\Anciennes données de Firefox
    2015-11-30 11:21 - 2015-11-30 11:21 - 00000000 ____D C:\Users\Stéphane\AppData\Local\Macromedia
    2015-11-30 11:19 - 2015-11-30 11:20 - 00000000 ____D C:\Users\Stéphane\AppData\Local\Adobe
    2015-11-29 22:21 - 2015-11-30 11:22 - 00000000 ____D C:\Users\Stéphane\AppData\Local\Mozilla
    2015-11-29 22:21 - 2015-11-29 22:22 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Mozilla
    2015-11-29 22:21 - 2015-11-29 22:21 - 00243992 _____ C:\Users\Stéphane\Downloads\Firefox Setup Stub 42.0.exe
    2015-11-29 22:21 - 2015-11-29 22:21 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-11-29 22:21 - 2015-11-29 22:21 - 00001161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-11-29 22:21 - 2015-11-29 22:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-11-29 22:21 - 2015-11-29 22:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-11-29 22:12 - 2015-11-29 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    2015-11-29 21:34 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
    2015-11-29 11:18 - 2015-11-29 11:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2015-11-29 09:13 - 2015-11-29 09:13 - 00003818 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
    2015-11-29 09:13 - 2015-11-29 09:13 - 00000000 __HDC C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1}
    2015-11-29 09:12 - 2015-11-29 09:43 - 00000000 ____D C:\ProgramData\SupportAssistAgent
    2015-11-29 09:10 - 2015-11-29 09:13 - 00000000 ____D C:\Program Files\Dell
    2015-11-29 09:10 - 2015-11-29 09:10 - 00004030 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
    2015-11-29 09:10 - 2015-11-29 09:10 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
    2015-11-29 09:10 - 2015-11-29 09:10 - 00003218 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
    2015-11-29 09:10 - 2015-11-29 09:10 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
    2015-11-29 09:10 - 2015-11-29 09:10 - 00000000 ____D C:\Program Files\Dell Support Center
    2015-11-29 09:08 - 2015-11-29 09:10 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\PCDr
    2015-11-28 19:19 - 2015-11-28 19:19 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
    2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-11-28 18:56 - 2015-11-28 18:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
    2015-11-28 18:56 - 2015-11-28 18:56 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Macromedia
    2015-11-28 18:54 - 2015-11-28 18:54 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Adobe
    2015-11-28 18:50 - 2015-11-30 11:13 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2305276200-880437817-2703856125-1001
    2015-11-28 18:49 - 2015-11-28 18:49 - 00000000 ____D C:\Users\Stéphane\AppData\Local\Aviata
    2015-11-28 18:47 - 2015-11-28 18:47 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Intel Corporation
    2015-11-28 18:46 - 2015-11-28 18:46 - 00000000 ____D C:\Users\Stéphane\Documents\Bluetooth Folder
    2015-11-28 18:46 - 2015-11-28 18:46 - 00000000 ____D C:\Users\Stéphane\AppData\Local\BMExplorer
    2015-11-28 18:45 - 2015-11-30 22:43 - 00000000 __RDO C:\Users\Stéphane\OneDrive
    2015-11-28 18:45 - 2015-11-28 18:46 - 00000000 ____D C:\ProgramData\Atheros
    2015-11-28 18:45 - 2015-11-28 18:45 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2015-11-28 18:45 - 2015-11-28 18:45 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Atheros
    2015-11-28 18:43 - 2015-11-30 08:17 - 00000000 ____D C:\Users\Stéphane\AppData\Local\CrashDumps
    2015-11-28 18:42 - 2015-11-28 18:42 - 00000000 __SHD C:\System Recovery
    2015-11-28 18:42 - 2015-11-28 18:42 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
    2015-11-28 18:41 - 2015-11-28 18:41 - 00000000 ____D C:\Users\Stéphane\AppData\Local\Power2Go8
    2015-11-28 18:40 - 2015-11-28 18:57 - 00000000 __SHD C:\Users\Stéphane\AppData\Local\EmieUserList
    2015-11-28 18:40 - 2015-11-28 18:57 - 00000000 __SHD C:\Users\Stéphane\AppData\Local\EmieSiteList
    2015-11-28 18:40 - 2015-11-28 18:40 - 00000000 ____D C:\Windows\System32\Tasks\GenericSettingsHandler
    2015-11-28 18:39 - 2015-11-28 18:39 - 00000020 ___SH C:\Users\Stéphane\ntuser.ini
    2015-11-28 18:27 - 2015-11-28 18:27 - 00000030 _____ C:\20151128164011_BACKUPMIGRATION_STATUS.INI
    2015-11-28 18:25 - 2015-04-05 11:00 - 00465640 ___SH (SoftThinks SAS) C:\Users\Stéphane\AppData\Local\SDSRepStore.exe
    2015-11-28 18:25 - 2015-04-05 11:00 - 00041496 ___SH C:\Users\Stéphane\AppData\Local\SDSRepStore.xml
    2015-11-28 18:25 - 2015-04-05 11:00 - 00000567 ___SH C:\Users\Stéphane\AppData\Local\SDSAppxReg.ps1
    2015-11-28 18:16 - 2015-11-28 18:45 - 00000000 ____D C:\Users\Stéphane\OneDrive (2).old
    2015-11-28 18:16 - 2015-11-28 18:16 - 00000000 ____D C:\Users\Stéphane\OneDrive.old
    2015-11-28 18:15 - 2015-11-28 18:16 - 00000000 ____D C:\Users\Stéphane\Dropbox
    2015-11-28 18:15 - 2015-11-28 18:15 - 00000000 ____D C:\Users\Public\AccountPictures
    2015-11-28 18:15 - 2015-11-28 18:15 - 00000000 ____D C:\uninst
    2015-11-28 18:15 - 2015-11-28 18:15 - 00000000 ____D C:\KOGGAMES
    2015-11-28 18:15 - 2015-11-28 18:15 - 00000000 ____D C:\20151127073800_BACKUP
    2015-11-28 18:07 - 2015-11-30 11:07 - 00000000 ____D C:\Users\Stéphane\Desktop\torrent
    2015-11-28 18:06 - 2015-11-28 18:07 - 00000000 ____D C:\Users\Stéphane\Desktop\Photos
    2015-11-28 18:06 - 2015-11-28 18:06 - 00000000 ____D C:\Users\Stéphane\Desktop\muzik
    2015-11-28 18:06 - 2015-11-28 18:06 - 00000000 ____D C:\Users\Stéphane\Desktop\Juliette Folder
    2015-11-28 18:05 - 2015-11-28 18:06 - 00000000 ____D C:\Users\Stéphane\Desktop\Isabelle
    2015-11-28 18:05 - 2015-11-28 18:05 - 00000000 ____D C:\Users\Stéphane\Documents\Wondershare DVD Creator
    2015-11-28 18:05 - 2015-11-28 18:05 - 00000000 ____D C:\Users\Stéphane\Documents\CyberLink
    2015-11-28 18:05 - 2015-11-28 18:05 - 00000000 ____D C:\Users\Stéphane\Desktop\horaire bus
    2015-11-28 18:05 - 2015-11-28 18:05 - 00000000 ____D C:\Users\Stéphane\Desktop\DIVERS
    2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default\My Documents
    2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2015-11-28 18:01 - 2015-11-29 22:16 - 00000000 ____D C:\ProgramData\SoftThinks
    2015-11-28 17:48 - 2015-11-28 17:48 - 00000000 ____D C:\Windows\SMINST
    2015-11-28 17:40 - 2015-11-28 17:41 - 00001817 _____ C:\Users\Stéphane\Desktop\all.txt
    2015-11-28 16:40 - 2015-11-28 18:26 - 00000000 ____D C:\20151128164011_BACKUP
    2015-11-28 00:35 - 2015-11-29 22:15 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
    2015-11-28 00:35 - 2015-11-28 18:03 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\Company
    2015-11-28 00:35 - 2015-11-28 18:03 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2015-11-27 17:07 - 2015-11-27 17:07 - 00000025 _____ C:\Users\Stéphane\Desktop\serial number bMafee.txt
    2015-11-27 14:39 - 2015-11-27 10:20 - 00000000 _____ C:\Recovery.txt
    2015-11-21 23:50 - 2015-11-21 23:51 - 00000081 _____ C:\Users\Stéphane\Desktop\Cyrano de Bergerac.txt
    2015-11-09 19:28 - 2015-11-28 18:03 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-11-06 23:13 - 2015-11-06 23:13 - 00730062 _____ C:\Users\Stéphane\Downloads\Liste d'ancienneté préliminaire au 30 juin 2015 - Employés temporaires(1).pdf
    2015-11-06 20:52 - 2015-11-06 20:52 - 00730062 _____ C:\Users\Stéphane\Downloads\Liste d'ancienneté préliminaire au 30 juin 2015 - Employés temporaires.pdf
    2015-11-06 20:48 - 2015-11-06 20:48 - 01065463 _____ C:\Users\Stéphane\Downloads\Liste d'ancienneté préliminaire au 30 juin 2015 - Employés Réguliers(1).pdf
    2015-11-06 20:47 - 2015-11-06 20:47 - 01065463 _____ C:\Users\Stéphane\Downloads\Liste d'ancienneté préliminaire au 30 juin 2015 - Employés Réguliers.pdf
    2015-11-04 22:05 - 2015-11-04 22:05 - 00688891 _____ C:\Users\Stéphane\Downloads\37fb2339-7846-489b-a94c-edcac4362f5b.PDF

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-01 00:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS
    2015-11-30 17:35 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
    2015-11-30 10:08 - 2014-06-20 20:44 - 01827432 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-11-30 10:08 - 2013-08-29 08:05 - 00810364 _____ C:\Windows\system32\perfh00C.dat
    2015-11-30 10:08 - 2013-08-29 08:05 - 00159310 _____ C:\Windows\system32\perfc00C.dat
    2015-11-30 10:08 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
    2015-11-30 10:03 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-11-30 10:03 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2015-11-29 22:16 - 2014-06-20 21:07 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
    2015-11-29 21:58 - 2014-06-20 21:04 - 00000000 ____D C:\Program Files (x86)\McAfee
    2015-11-29 21:34 - 2014-06-20 21:04 - 00000000 ____D C:\Program Files\Common Files\mcafee
    2015-11-29 21:34 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
    2015-11-29 21:34 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
    2015-11-29 09:12 - 2014-06-20 21:10 - 00000000 ____D C:\Program Files (x86)\Dell
    2015-11-29 09:10 - 2014-06-20 21:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2015-11-29 09:10 - 2014-06-20 21:04 - 00000000 ____D C:\ProgramData\PCDr
    2015-11-29 00:38 - 2014-06-20 21:04 - 00000000 ____D C:\ProgramData\McAfee
    2015-11-29 00:09 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
    2015-11-28 19:40 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2015-11-28 19:34 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
    2015-11-28 19:12 - 2013-08-22 09:44 - 00344624 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-11-28 18:45 - 2014-06-29 14:54 - 00000000 ____D C:\Users\Stéphane
    2015-11-28 18:44 - 2014-06-20 20:54 - 00000000 ____D C:\ProgramData\Intel
    2015-11-28 18:19 - 2014-06-20 20:34 - 00000000 ____D C:\Windows\Panther
    2015-11-28 18:19 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
    2015-11-28 18:19 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\WinStore
    2015-11-28 18:19 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\vpnplugins
    2015-11-28 18:19 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\FileManager
    2015-11-28 18:19 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Camera
    2015-11-28 18:19 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\oobe
    2015-11-28 18:17 - 2014-06-29 14:54 - 00000000 ____D C:\Users\Stéphane\AppData\Local\Packages
    2015-11-28 18:03 - 2015-08-26 15:09 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\Oracle
    2015-11-28 18:03 - 2015-06-11 17:13 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\Sun
    2015-11-28 18:03 - 2015-02-19 14:48 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\RbxLogs
    2015-11-28 18:03 - 2014-10-22 17:39 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\Adobe
    2015-11-28 18:03 - 2014-09-27 14:41 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
    2015-11-28 18:03 - 2014-07-15 14:40 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\Unity
    2015-11-28 18:03 - 2014-07-10 15:05 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\Temp
    2015-11-28 18:03 - 2014-06-29 14:54 - 00000000 ____D C:\Users\Stéphane\AppData\Local\VirtualStore
    2015-11-27 17:22 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\SMI
    2015-11-25 23:32 - 2015-02-19 14:48 - 00000247 _____ C:\Users\Stéphane\AppData\LocalLow\rbxcsettings.rbx

    ==================== Files in the root of some directories =======

    2015-11-28 18:25 - 2015-04-05 11:00 - 0000567 ___SH () C:\Users\Stéphane\AppData\Local\SDSAppxReg.ps1
    2015-11-28 18:25 - 2015-04-05 11:00 - 0465640 ___SH (SoftThinks SAS) C:\Users\Stéphane\AppData\Local\SDSRepStore.exe
    2015-11-28 18:46 - 2015-11-28 19:28 - 0052510 ___SH () C:\Users\Stéphane\AppData\Local\SDSRepStore.exe.SDS.LOG
    2015-11-28 18:25 - 2015-04-05 11:00 - 0041496 ___SH () C:\Users\Stéphane\AppData\Local\SDSRepStore.xml
    2014-06-20 20:30 - 2014-06-20 20:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-06-20 21:03 - 2014-06-20 21:03 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2014-06-20 21:01 - 2014-06-20 21:01 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2014-06-20 21:01 - 2014-06-20 21:02 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2014-06-20 21:02 - 2014-06-20 21:03 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
    2014-06-20 21:01 - 2014-06-20 21:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-28 19:40

    ==================== End of FRST.txt ============================

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  2. Fireryash

    Fireryash TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-11-2015
    Ran by Stéphane (2015-12-01 00:01:35)
    Running from C:\Users\Stéphane\Downloads
    Windows 8.1 (X64) (2014-06-21 02:18:41)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2305276200-880437817-2703856125-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-2305276200-880437817-2703856125-501 - Limited - Disabled)
    Stéphane (S-1-5-21-2305276200-880437817-2703856125-1001 - Administrator - Enabled) => C:\Users\Stéphane

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Protection antivirus et antispyware McAfee (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Protection antivirus et antispyware McAfee (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    FW: Pare-feu McAfee (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    BitTorrent (HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\BitTorrent) (Version: 7.9.2.38657 - BitTorrent Inc.)
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
    Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
    Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
    Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
    Dell Update (HKLM-x32\...\{1D817B4D-A183-48C0-8463-FCC39459367B}) (Version: 1.0.1014.0 - Dell Inc.)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    Dropbox (HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
    Extension Bus (HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\{E57B125A-F406-3FDE-E000-A448B7097482}) (Version: 1.2.1 - Web Pool corp)
    Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
    Intel(R) Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation)
    McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
    McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.203 - McAfee, Inc.)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Mozilla Firefox 42.0 (x86 fr) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 fr)) (Version: 42.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
    My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
    My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
    PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros Communications)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
    Unity Web Player (HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
    CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
    CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
    CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
    CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
    CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
    CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
    CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
    CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
    CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
    CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File

    ==================== Restore Points =========================

    28-11-2015 23:56:52 Scheduled Checkpoint

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {19DAAA27-413A-492C-A04E-E9E54CFC2DA7} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
    Task: {28E7577C-A9AC-488C-A7EB-7A969A442937} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
    Task: {2CA846A9-8808-44FA-87EE-C21B49E55F16} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {3DD9A774-D594-4D1B-AD32-B7C933279B87} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
    Task: {43CA96AB-D124-4AC0-B7C2-A6385F2BBFEB} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-02-19] (Aviata Inc)
    Task: {5A3D8B8D-DB4C-4F43-8EA1-A3F524D78E29} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
    Task: {666FBFB7-2013-416C-81B5-9A19E61A74C6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
    Task: {6CF14C6D-132A-4878-9176-41CBE6DCFAD7} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
    Task: {6E348310-0378-4D90-8ECC-AD9353671AF4} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
    Task: {800DFE9E-0FA4-4549-AFA4-432071083CA6} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2305276200-880437817-2703856125-1001
    Task: {8DD4726E-7E3E-462A-8A69-BFA1842BF8E3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
    Task: {91F07CB3-813F-4952-A027-8A232A9C90ED} - System32\Tasks\PocketCloudUpdater => C:\Program
    Task: {97CFEAAA-9E57-414B-A7C8-EB9EF1D40C7A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
    Task: {AF3CE790-522C-47CE-B84B-983A52955F47} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-06-20 21:09 - 2013-08-19 11:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
    2014-06-20 21:09 - 2013-08-19 11:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
    2013-07-30 23:59 - 2013-07-30 23:59 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
    2013-07-30 23:55 - 2013-07-30 23:55 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
    2013-07-31 00:04 - 2013-07-31 00:04 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
    2014-06-20 21:01 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\123simsen.com -> www.123simsen.com

    There are 7867 more sites.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 192.168.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AERTFilters => 2
    MSCONFIG\Services: AtherosSvc => 2
    MSCONFIG\Services: DellProdRegManager => 3
    MSCONFIG\Services: iumsvc => 3
    MSCONFIG\Services: jhi_service => 2
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: McAfee SiteAdvisor Service => 2
    MSCONFIG\Services: McAWFwk => 3
    MSCONFIG\Services: mcbootdelaystartsvc => 2
    MSCONFIG\Services: mccspsvc => 2
    MSCONFIG\Services: McNaiAnn => 2
    MSCONFIG\Services: McODS => 3
    MSCONFIG\Services: mcpltsvc => 2
    MSCONFIG\Services: McProxy => 2
    MSCONFIG\Services: MSK80Service => 2
    MSCONFIG\Services: My Dell Client Framework => 2
    MSCONFIG\Services: nvsvc => 2
    MSCONFIG\Services: RichVideo => 2
    MSCONFIG\Services: SftService => 2
    MSCONFIG\Services: SupportAssistAgent => 2
    MSCONFIG\Services: WysePocketCloud => 2
    MSCONFIG\Services: WyseRemoteAccess => 2
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.1.lnk"
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.1.lnk.disabled"
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\StartupApproved\StartupFolder: => "SmartWeb.lnk"
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\StartupApproved\Run: => "Itibiti.exe"
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
    HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\StartupApproved\Run: => "Birds"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{C12139D5-3CAE-47A1-BBB8-F47657EBF016}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
    FirewallRules: [{647A3CB2-8F6A-404B-AAC5-5CD7AE48B49A}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
    FirewallRules: [{99385F13-9B57-4858-8B1D-9BC660CB6AEF}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
    FirewallRules: [{702CF2FD-FB8A-49F9-8B70-805778C2DAAF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{FF1B0F21-89A8-4446-B2A0-982A3AFEAFA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
    FirewallRules: [{1787DAA5-4086-42E1-A2C7-329A84C464B3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{77C66930-0581-42A3-BF4F-CCE5C3380C24}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{A18B88E9-8B55-4257-AD0F-1047329103C3}] => (Allow) C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{12A40D33-A0C6-430E-BF38-582B8C738017}] => (Allow) C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{26359C95-A3ED-4454-9E50-297283FB8705}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{D575D8F1-F02F-439C-A956-97516644DE2D}] => (Allow) C:\Users\Stéphane\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{F94EABEE-30B1-4ABB-96FA-0EE86E3AD61A}] => (Allow) C:\Users\Stéphane\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{0ABA4932-0D21-4090-BF36-E0093A4E5A44}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{59A3C3EC-C628-4D3A-8EE6-047135A93C09}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{850A194A-2DA0-453C-9AB2-DBDF84F91DAE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{001559FC-C4D6-4A0B-8709-05CD98176D1E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{8D081E3C-20A3-4BD3-BA39-8195FAF51044}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
    FirewallRules: [{41F0E7D0-2F5B-4EFD-A23C-4976C1655C2C}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
    FirewallRules: [TCP Query User{8E988940-CAF3-4ACF-A296-A8AD33ACC4A3}C:\users\stéphane\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\stéphane\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{0B8D3433-E5DB-484D-B7D1-22387F0B600B}C:\users\stéphane\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\stéphane\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [TCP Query User{B899C08B-40C8-4114-A860-2153E9B0E450}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{814291EC-0177-40A9-905A-F16F923E1A20}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{E70EFBC1-A5FA-4CD2-BC12-A1EC0D4F1DDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{9214EAE1-54E9-4AFE-8309-F5662A2CF831}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{BF1BBEEC-DE17-49E7-AD62-D45226CE92F4}] => (Allow) C:\Program Files (x86)\Microsoft.NET\v2.0.507237\client.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/30/2015 11:54:33 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
    Description: Les jetons de clé de produit et licence Windows mis à jour ont échoué avec le code d’erreur 0x80070005.

    Error: (11/30/2015 10:48:52 PM) (Source: Python Service) (EventID: 255) (User: )
    Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')

    Error: (11/30/2015 10:43:52 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
    Description: Les jetons de clé de produit et licence Windows mis à jour ont échoué avec le code d’erreur 0x80070005.

    Error: (11/30/2015 08:43:45 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
    Description: Les jetons de clé de produit et licence Windows mis à jour ont échoué avec le code d’erreur 0x80070005.

    Error: (11/30/2015 05:28:07 PM) (Source: Python Service) (EventID: 255) (User: )
    Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')

    Error: (11/30/2015 05:23:04 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
    Description: Les jetons de clé de produit et licence Windows mis à jour ont échoué avec le code d’erreur 0x80070005.

    Error: (11/30/2015 01:30:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Le programme wwahost.exe version 6.3.9600.17031 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

    ID de processus : aec

    Heure de début : 01d12b9c74fe807e

    Heure de fin : 4294967295

    Chemin d’accès de l’application : C:\Windows\system32\wwahost.exe

    ID de rapport : 6882a13c-9790-11e5-825c-003c7ff0f00a

    Nom complet du package défaillant : DellInc.DellShop_1.9.1.0_neutral__htrsf667h5kn2

    ID de l’application relative au package défaillant : App

    Error: (11/30/2015 01:25:20 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
    Description: Les jetons de clé de produit et licence Windows mis à jour ont échoué avec le code d’erreur 0x80070005.

    Error: (11/30/2015 00:12:27 PM) (Source: Python Service) (EventID: 255) (User: )
    Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')

    Error: (11/30/2015 11:12:33 AM) (Source: Python Service) (EventID: 255) (User: )
    Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')


    System errors:
    =============
    Error: (11/30/2015 10:19:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (11/30/2015 08:36:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Le service Credential Manager s’est arrêté avec l’erreur :
    %%87

    Error: (11/30/2015 08:26:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Le service Credential Manager s’est arrêté avec l’erreur :
    %%87

    Error: (11/30/2015 08:16:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Le service Credential Manager s’est arrêté avec l’erreur :
    %%87

    Error: (11/30/2015 08:10:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Le service Credential Manager s’est arrêté avec l’erreur :
    %%87

    Error: (11/30/2015 08:06:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Le service Credential Manager s’est arrêté avec l’erreur :
    %%87

    Error: (11/30/2015 07:56:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Le service Credential Manager s’est arrêté avec l’erreur :
    %%87

    Error: (11/30/2015 07:46:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Le service Credential Manager s’est arrêté avec l’erreur :
    %%87

    Error: (11/30/2015 07:46:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Le service Credential Manager s’est arrêté avec l’erreur :
    %%87

    Error: (11/30/2015 06:37:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Le service Credential Manager s’est arrêté avec l’erreur :
    %%87


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
    Percentage of memory in use: 33%
    Total physical RAM: 8143.21 MB
    Available physical RAM: 5423.41 MB
    Total Virtual: 9423.21 MB
    Available Virtual: 6057.48 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:917.27 GB) (Free:762.7 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: EB859F3D)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
Topic Status:
Not open for further replies.
