Inactive Possible Virus

Computer has been freaking out lately. Couldn't go on certain web pages at first, then I could but it took 5 minutes to load one page and now my browser keeps closing and opening on its own. I did scans, nothing turned up on them so I turned to this instead. Hope you can help.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
Ran by Stéphane (administrator) on POPSY (01-12-2015 00:00:57)
Running from C:\Users\Stéphane\Downloads
Loaded Profiles: Stéphane (Available Profiles: Stéphane & Administrator)
Platform: Windows 8.1 (X64) Language: Anglais (États-Unis)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\WINDOWS\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\WINDOWS\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\WINDOWS\System32\WWAHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-31] (Qualcomm®Atheros®)
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\Run: [Dropbox Update] => "C:\Users\Stéphane\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\Run: [Birds] => C:\Users\Stéphane\AppData\Local\Birds\birds365.exe
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Startup: C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk.disabled [2014-07-09]
ShortcutTarget: OpenOffice.org 3.1.lnk.disabled -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-11-28]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Stéphane\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
CHR HKU\S-1-5-21-2305276200-880437817-2703856125-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3A65BCD6-CC51-4BE8-8E69-0A8595F1340A}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7240100B-9783-4000-9EBE-35DA510ECDC7}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\Software\Microsoft\Internet Explorer\Main,DisableRequiresActiveXPrompt = www.moviestarplanet.ca
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKU\S-1-5-21-2305276200-880437817-2703856125-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_popjar_15_48_ssg06&cd=2XzuyEtN2Y1L1QzuzytDyEzzzy0Azz0B0ByC0EzytAtC0DzytN0D0Tzu0StCyEtByBtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCzzzyyD0DtDtAtGyD0ByD0EtGyE0EtB0BtGtDzz0B0DtGzzyB0BzyyBtAyB0Fzz0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyDtAyByBtCtC0FtGzz0FyB0AtGyEzztDzytG0A0E0FtAtGyEzy0FyBzzyB0B0F0ByByCzz2QtN0A0LzuyE&cr=1126545279&ir=
SearchScopes: HKU\S-1-5-21-2305276200-880437817-2703856125-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325281&octid=EB_ORIGINAL_CTID&ISID=IFD73A98B-0D91-4F1C-9BE9-CC2BCB9A60C7&SearchSource=58&CUI=&UM=8&UP=SPF00348D6-0D21-4E26-9BB1-636B8C8B028E&D=112815&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2305276200-880437817-2703856125-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-2305276200-880437817-2703856125-1001 -> {6586d803-df30-46d3-a89a-4136c8571d45} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2305276200-880437817-2703856125-1001 -> {66257AB4-CB2A-4DAB-9E04-7BB72463D9EB} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_dstndrm_15_11&cd=2XzuyEtN2Y1L1QzuzytDyEzzzy0Azz0B0ByC0EzytAtC0DzytN0D0Tzu0StCtCyCyEtN1L2XzutAtFzztFtAtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0AtD0A0E0DtCtG0BtC0A0EtG0BtC0B0FtGtAyC0B0AtGyEyEtCyDzy0A0F0F0AtD0A0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyDtAyByBtCtC0FtGzz0FyB0AtGyEzztDzytG0A0E0FtAtGyEzy0FyBzzyB0B0F0ByByCzz2QtN1B2Z1V1T1S1NzuyDzztA&cr=1349387303&ir=
SearchScopes: HKU\S-1-5-21-2305276200-880437817-2703856125-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.palikan.com/results.php?f=4&q={searchTerms}&a=plk_popjar_15_48_ssg06&cd=2XzuyEtN2Y1L1QzuzytDyEzzzy0Azz0B0ByC0EzytAtC0DzytN0D0Tzu0StCyEtByBtN1L2XzutAtFtCyEtFtDtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDtCzzzyyD0DtDtAtGyD0ByD0EtGyE0EtB0BtGtDzz0B0DtGzzyB0BzyyBtAyB0Fzz0E0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCyDtAyByBtCtC0FtGzz0FyB0AtGyEzztDzytG0A0E0FtAtGyEzy0FyBzzyB0B0F0ByByCzz2QtN0A0LzuyE&cr=1126545279&ir=
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-31] (Qualcomm®Atheros®)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-11-13] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-04-07] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\ne3tnxqz.Meow
FF Homepage: hxxps://www.google.ca/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwj5vY_Y6rnJAhWD6x4KHScdBNQQFggcMAA&url=https%3A%2F%2Fwww.google.fr%2F&usg=AFQjCNGdHlVoNRlBX2ykwfj-cD_jxplLog
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-30] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin HKU\S-1-5-21-2305276200-880437817-2703856125-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Stéphane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-29] [not signed]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-11-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-31] (Windows (R) Win 7 DDK provider) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
S4 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [149496 2014-01-15] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-01-17] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
S4 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [157928 2015-11-13] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
S4 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S4 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [207344 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S4 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S4 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S4 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S4 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2005392 2015-02-12] (SoftThinks SAS)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S4 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
S4 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-08] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-07-30] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-06-20] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-11-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-01 00:00 - 2015-12-01 00:01 - 00019172 _____ C:\Users\Stéphane\Downloads\FRST.txt
2015-12-01 00:00 - 2015-12-01 00:00 - 02350080 _____ (Farbar) C:\Users\Stéphane\Downloads\FRST64.exe
2015-12-01 00:00 - 2015-12-01 00:00 - 00000000 ____D C:\FRST
2015-11-30 23:59 - 2015-11-30 23:59 - 01721344 _____ (Farbar) C:\Users\Stéphane\Downloads\FRST.exe
2015-11-30 22:44 - 2015-11-30 22:44 - 00000000 ___RD C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-11-30 13:35 - 2015-11-30 13:36 - 00000629 _____ C:\Users\Stéphane\Desktop\Se7en.txt
2015-11-30 12:09 - 2015-11-30 12:09 - 00000000 ____D C:\Users\Stéphane\Desktop\Anciennes données de Firefox
2015-11-30 11:21 - 2015-11-30 11:21 - 00000000 ____D C:\Users\Stéphane\AppData\Local\Macromedia
2015-11-30 11:19 - 2015-11-30 11:20 - 00000000 ____D C:\Users\Stéphane\AppData\Local\Adobe
2015-11-29 22:21 - 2015-11-30 11:22 - 00000000 ____D C:\Users\Stéphane\AppData\Local\Mozilla
2015-11-29 22:21 - 2015-11-29 22:22 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Mozilla
2015-11-29 22:21 - 2015-11-29 22:21 - 00243992 _____ C:\Users\Stéphane\Downloads\Firefox Setup Stub 42.0.exe
2015-11-29 22:21 - 2015-11-29 22:21 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-29 22:21 - 2015-11-29 22:21 - 00001161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-29 22:21 - 2015-11-29 22:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-29 22:21 - 2015-11-29 22:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-29 22:12 - 2015-11-29 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-11-29 21:34 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-11-29 11:18 - 2015-11-29 11:18 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-11-29 09:13 - 2015-11-29 09:13 - 00003818 _____ C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-11-29 09:13 - 2015-11-29 09:13 - 00000000 __HDC C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1}
2015-11-29 09:12 - 2015-11-29 09:43 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-11-29 09:10 - 2015-11-29 09:13 - 00000000 ____D C:\Program Files\Dell
2015-11-29 09:10 - 2015-11-29 09:10 - 00004030 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-11-29 09:10 - 2015-11-29 09:10 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-11-29 09:10 - 2015-11-29 09:10 - 00003218 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-11-29 09:10 - 2015-11-29 09:10 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2015-11-29 09:10 - 2015-11-29 09:10 - 00000000 ____D C:\Program Files\Dell Support Center
2015-11-29 09:08 - 2015-11-29 09:10 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\PCDr
2015-11-28 19:19 - 2015-11-28 19:19 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-28 18:56 - 2015-11-28 18:56 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-11-28 18:56 - 2015-11-28 18:56 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Macromedia
2015-11-28 18:54 - 2015-11-28 18:54 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Adobe
2015-11-28 18:50 - 2015-11-30 11:13 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2305276200-880437817-2703856125-1001
2015-11-28 18:49 - 2015-11-28 18:49 - 00000000 ____D C:\Users\Stéphane\AppData\Local\Aviata
2015-11-28 18:47 - 2015-11-28 18:47 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Intel Corporation
2015-11-28 18:46 - 2015-11-28 18:46 - 00000000 ____D C:\Users\Stéphane\Documents\Bluetooth Folder
2015-11-28 18:46 - 2015-11-28 18:46 - 00000000 ____D C:\Users\Stéphane\AppData\Local\BMExplorer
2015-11-28 18:45 - 2015-11-30 22:43 - 00000000 __RDO C:\Users\Stéphane\OneDrive
2015-11-28 18:45 - 2015-11-28 18:46 - 00000000 ____D C:\ProgramData\Atheros
2015-11-28 18:45 - 2015-11-28 18:45 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-11-28 18:45 - 2015-11-28 18:45 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Atheros
2015-11-28 18:43 - 2015-11-30 08:17 - 00000000 ____D C:\Users\Stéphane\AppData\Local\CrashDumps
2015-11-28 18:42 - 2015-11-28 18:42 - 00000000 __SHD C:\System Recovery
2015-11-28 18:42 - 2015-11-28 18:42 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2015-11-28 18:41 - 2015-11-28 18:41 - 00000000 ____D C:\Users\Stéphane\AppData\Local\Power2Go8
2015-11-28 18:40 - 2015-11-28 18:57 - 00000000 __SHD C:\Users\Stéphane\AppData\Local\EmieUserList
2015-11-28 18:40 - 2015-11-28 18:57 - 00000000 __SHD C:\Users\Stéphane\AppData\Local\EmieSiteList
2015-11-28 18:40 - 2015-11-28 18:40 - 00000000 ____D C:\Windows\System32\Tasks\GenericSettingsHandler
2015-11-28 18:39 - 2015-11-28 18:39 - 00000020 ___SH C:\Users\Stéphane\ntuser.ini
2015-11-28 18:27 - 2015-11-28 18:27 - 00000030 _____ C:\20151128164011_BACKUPMIGRATION_STATUS.INI
2015-11-28 18:25 - 2015-04-05 11:00 - 00465640 ___SH (SoftThinks SAS) C:\Users\Stéphane\AppData\Local\SDSRepStore.exe
2015-11-28 18:25 - 2015-04-05 11:00 - 00041496 ___SH C:\Users\Stéphane\AppData\Local\SDSRepStore.xml
2015-11-28 18:25 - 2015-04-05 11:00 - 00000567 ___SH C:\Users\Stéphane\AppData\Local\SDSAppxReg.ps1
2015-11-28 18:16 - 2015-11-28 18:45 - 00000000 ____D C:\Users\Stéphane\OneDrive (2).old
2015-11-28 18:16 - 2015-11-28 18:16 - 00000000 ____D C:\Users\Stéphane\OneDrive.old
2015-11-28 18:15 - 2015-11-28 18:16 - 00000000 ____D C:\Users\Stéphane\Dropbox
2015-11-28 18:15 - 2015-11-28 18:15 - 00000000 ____D C:\Users\Public\AccountPictures
2015-11-28 18:15 - 2015-11-28 18:15 - 00000000 ____D C:\uninst
2015-11-28 18:15 - 2015-11-28 18:15 - 00000000 ____D C:\KOGGAMES
2015-11-28 18:15 - 2015-11-28 18:15 - 00000000 ____D C:\20151127073800_BACKUP
2015-11-28 18:07 - 2015-11-30 11:07 - 00000000 ____D C:\Users\Stéphane\Desktop\torrent
2015-11-28 18:06 - 2015-11-28 18:07 - 00000000 ____D C:\Users\Stéphane\Desktop\Photos
2015-11-28 18:06 - 2015-11-28 18:06 - 00000000 ____D C:\Users\Stéphane\Desktop\muzik
2015-11-28 18:06 - 2015-11-28 18:06 - 00000000 ____D C:\Users\Stéphane\Desktop\Juliette Folder
2015-11-28 18:05 - 2015-11-28 18:06 - 00000000 ____D C:\Users\Stéphane\Desktop\Isabelle
2015-11-28 18:05 - 2015-11-28 18:05 - 00000000 ____D C:\Users\Stéphane\Documents\Wondershare DVD Creator
2015-11-28 18:05 - 2015-11-28 18:05 - 00000000 ____D C:\Users\Stéphane\Documents\CyberLink
2015-11-28 18:05 - 2015-11-28 18:05 - 00000000 ____D C:\Users\Stéphane\Desktop\horaire bus
2015-11-28 18:05 - 2015-11-28 18:05 - 00000000 ____D C:\Users\Stéphane\Desktop\DIVERS
2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default\My Documents
2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-11-28 18:03 - 2015-11-28 18:03 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-11-28 18:01 - 2015-11-29 22:16 - 00000000 ____D C:\ProgramData\SoftThinks
2015-11-28 17:48 - 2015-11-28 17:48 - 00000000 ____D C:\Windows\SMINST
2015-11-28 17:40 - 2015-11-28 17:41 - 00001817 _____ C:\Users\Stéphane\Desktop\all.txt
2015-11-28 16:40 - 2015-11-28 18:26 - 00000000 ____D C:\20151128164011_BACKUP
2015-11-28 00:35 - 2015-11-29 22:15 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-11-28 00:35 - 2015-11-28 18:03 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\Company
2015-11-28 00:35 - 2015-11-28 18:03 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-11-27 17:07 - 2015-11-27 17:07 - 00000025 _____ C:\Users\Stéphane\Desktop\serial number bMafee.txt
2015-11-27 14:39 - 2015-11-27 10:20 - 00000000 _____ C:\Recovery.txt
2015-11-21 23:50 - 2015-11-21 23:51 - 00000081 _____ C:\Users\Stéphane\Desktop\Cyrano de Bergerac.txt
2015-11-09 19:28 - 2015-11-28 18:03 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-06 23:13 - 2015-11-06 23:13 - 00730062 _____ C:\Users\Stéphane\Downloads\Liste d'ancienneté préliminaire au 30 juin 2015 - Employés temporaires(1).pdf
2015-11-06 20:52 - 2015-11-06 20:52 - 00730062 _____ C:\Users\Stéphane\Downloads\Liste d'ancienneté préliminaire au 30 juin 2015 - Employés temporaires.pdf
2015-11-06 20:48 - 2015-11-06 20:48 - 01065463 _____ C:\Users\Stéphane\Downloads\Liste d'ancienneté préliminaire au 30 juin 2015 - Employés Réguliers(1).pdf
2015-11-06 20:47 - 2015-11-06 20:47 - 01065463 _____ C:\Users\Stéphane\Downloads\Liste d'ancienneté préliminaire au 30 juin 2015 - Employés Réguliers.pdf
2015-11-04 22:05 - 2015-11-04 22:05 - 00688891 _____ C:\Users\Stéphane\Downloads\37fb2339-7846-489b-a94c-edcac4362f5b.PDF

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-01 00:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS
2015-11-30 17:35 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-11-30 10:08 - 2014-06-20 20:44 - 01827432 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-30 10:08 - 2013-08-29 08:05 - 00810364 _____ C:\Windows\system32\perfh00C.dat
2015-11-30 10:08 - 2013-08-29 08:05 - 00159310 _____ C:\Windows\system32\perfc00C.dat
2015-11-30 10:08 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2015-11-30 10:03 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-30 10:03 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-11-29 22:16 - 2014-06-20 21:07 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2015-11-29 21:58 - 2014-06-20 21:04 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-11-29 21:34 - 2014-06-20 21:04 - 00000000 ____D C:\Program Files\Common Files\mcafee
2015-11-29 21:34 - 2013-08-22 10:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-11-29 21:34 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-11-29 09:12 - 2014-06-20 21:10 - 00000000 ____D C:\Program Files (x86)\Dell
2015-11-29 09:10 - 2014-06-20 21:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-11-29 09:10 - 2014-06-20 21:04 - 00000000 ____D C:\ProgramData\PCDr
2015-11-29 00:38 - 2014-06-20 21:04 - 00000000 ____D C:\ProgramData\McAfee
2015-11-29 00:09 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-11-28 19:40 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-28 19:34 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-28 19:12 - 2013-08-22 09:44 - 00344624 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-28 18:45 - 2014-06-29 14:54 - 00000000 ____D C:\Users\Stéphane
2015-11-28 18:44 - 2014-06-20 20:54 - 00000000 ____D C:\ProgramData\Intel
2015-11-28 18:19 - 2014-06-20 20:34 - 00000000 ____D C:\Windows\Panther
2015-11-28 18:19 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-11-28 18:19 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\WinStore
2015-11-28 18:19 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\vpnplugins
2015-11-28 18:19 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\FileManager
2015-11-28 18:19 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Camera
2015-11-28 18:19 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\oobe
2015-11-28 18:17 - 2014-06-29 14:54 - 00000000 ____D C:\Users\Stéphane\AppData\Local\Packages
2015-11-28 18:03 - 2015-08-26 15:09 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\Oracle
2015-11-28 18:03 - 2015-06-11 17:13 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\Sun
2015-11-28 18:03 - 2015-02-19 14:48 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\RbxLogs
2015-11-28 18:03 - 2014-10-22 17:39 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\Adobe
2015-11-28 18:03 - 2014-09-27 14:41 - 00000000 ____D C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-11-28 18:03 - 2014-07-15 14:40 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\Unity
2015-11-28 18:03 - 2014-07-10 15:05 - 00000000 ____D C:\Users\Stéphane\AppData\LocalLow\Temp
2015-11-28 18:03 - 2014-06-29 14:54 - 00000000 ____D C:\Users\Stéphane\AppData\Local\VirtualStore
2015-11-27 17:22 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\SMI
2015-11-25 23:32 - 2015-02-19 14:48 - 00000247 _____ C:\Users\Stéphane\AppData\LocalLow\rbxcsettings.rbx

==================== Files in the root of some directories =======

2015-11-28 18:25 - 2015-04-05 11:00 - 0000567 ___SH () C:\Users\Stéphane\AppData\Local\SDSAppxReg.ps1
2015-11-28 18:25 - 2015-04-05 11:00 - 0465640 ___SH (SoftThinks SAS) C:\Users\Stéphane\AppData\Local\SDSRepStore.exe
2015-11-28 18:46 - 2015-11-28 19:28 - 0052510 ___SH () C:\Users\Stéphane\AppData\Local\SDSRepStore.exe.SDS.LOG
2015-11-28 18:25 - 2015-04-05 11:00 - 0041496 ___SH () C:\Users\Stéphane\AppData\Local\SDSRepStore.xml
2014-06-20 20:30 - 2014-06-20 20:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-06-20 21:03 - 2014-06-20 21:03 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-06-20 21:01 - 2014-06-20 21:01 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-06-20 21:01 - 2014-06-20 21:02 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-06-20 21:02 - 2014-06-20 21:03 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-06-20 21:01 - 2014-06-20 21:01 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-28 19:40

==================== End of FRST.txt ============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-11-2015
Ran by Stéphane (2015-12-01 00:01:35)
Running from C:\Users\Stéphane\Downloads
Windows 8.1 (X64) (2014-06-21 02:18:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2305276200-880437817-2703856125-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2305276200-880437817-2703856125-501 - Limited - Disabled)
Stéphane (S-1-5-21-2305276200-880437817-2703856125-1001 - Administrator - Enabled) => C:\Users\Stéphane

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Protection antivirus et antispyware McAfee (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Protection antivirus et antispyware McAfee (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: Pare-feu McAfee (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
BitTorrent (HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\BitTorrent) (Version: 7.9.2.38657 - BitTorrent Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Update (HKLM-x32\...\{1D817B4D-A183-48C0-8463-FCC39459367B}) (Version: 1.0.1014.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Extension Bus (HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\{E57B125A-F406-3FDE-E000-A448B7097482}) (Version: 1.2.1 - Web Pool corp)
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.203 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 fr) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 fr)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.232 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
Unity Web Player (HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File
CustomCLSID: HKU\S-1-5-21-2305276200-880437817-2703856125-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll => No File

==================== Restore Points =========================

28-11-2015 23:56:52 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19DAAA27-413A-492C-A04E-E9E54CFC2DA7} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {28E7577C-A9AC-488C-A7EB-7A969A442937} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {2CA846A9-8808-44FA-87EE-C21B49E55F16} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {3DD9A774-D594-4D1B-AD32-B7C933279B87} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {43CA96AB-D124-4AC0-B7C2-A6385F2BBFEB} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-02-19] (Aviata Inc)
Task: {5A3D8B8D-DB4C-4F43-8EA1-A3F524D78E29} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {666FBFB7-2013-416C-81B5-9A19E61A74C6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {6CF14C6D-132A-4878-9176-41CBE6DCFAD7} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {6E348310-0378-4D90-8ECC-AD9353671AF4} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {800DFE9E-0FA4-4549-AFA4-432071083CA6} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2305276200-880437817-2703856125-1001
Task: {8DD4726E-7E3E-462A-8A69-BFA1842BF8E3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {91F07CB3-813F-4952-A027-8A232A9C90ED} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {97CFEAAA-9E57-414B-A7C8-EB9EF1D40C7A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
Task: {AF3CE790-522C-47CE-B84B-983A52955F47} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-06-20 21:09 - 2013-08-19 11:21 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-06-20 21:09 - 2013-08-19 11:21 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-07-30 23:59 - 2013-07-30 23:59 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-07-30 23:55 - 2013-07-30 23:55 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2013-07-31 00:04 - 2013-07-31 00:04 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-06-20 21:01 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\123simsen.com -> www.123simsen.com

There are 7867 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2305276200-880437817-2703856125-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Stéphane\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: DellProdRegManager => 3
MSCONFIG\Services: iumsvc => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McAWFwk => 3
MSCONFIG\Services: mcbootdelaystartsvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: My Dell Client Framework => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: WysePocketCloud => 2
MSCONFIG\Services: WyseRemoteAccess => 2
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.1.lnk"
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.1.lnk.disabled"
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\StartupApproved\StartupFolder: => "SmartWeb.lnk"
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\StartupApproved\Run: => "Itibiti.exe"
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-2305276200-880437817-2703856125-1001\...\StartupApproved\Run: => "Birds"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C12139D5-3CAE-47A1-BBB8-F47657EBF016}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{647A3CB2-8F6A-404B-AAC5-5CD7AE48B49A}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{99385F13-9B57-4858-8B1D-9BC660CB6AEF}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{702CF2FD-FB8A-49F9-8B70-805778C2DAAF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{FF1B0F21-89A8-4446-B2A0-982A3AFEAFA7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{1787DAA5-4086-42E1-A2C7-329A84C464B3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{77C66930-0581-42A3-BF4F-CCE5C3380C24}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A18B88E9-8B55-4257-AD0F-1047329103C3}] => (Allow) C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{12A40D33-A0C6-430E-BF38-582B8C738017}] => (Allow) C:\Users\Stéphane\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{26359C95-A3ED-4454-9E50-297283FB8705}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D575D8F1-F02F-439C-A956-97516644DE2D}] => (Allow) C:\Users\Stéphane\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F94EABEE-30B1-4ABB-96FA-0EE86E3AD61A}] => (Allow) C:\Users\Stéphane\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0ABA4932-0D21-4090-BF36-E0093A4E5A44}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{59A3C3EC-C628-4D3A-8EE6-047135A93C09}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{850A194A-2DA0-453C-9AB2-DBDF84F91DAE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{001559FC-C4D6-4A0B-8709-05CD98176D1E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{8D081E3C-20A3-4BD3-BA39-8195FAF51044}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [{41F0E7D0-2F5B-4EFD-A23C-4976C1655C2C}] => (Allow) C:\KOGGAMES\Elsword\data\x2.exe
FirewallRules: [TCP Query User{8E988940-CAF3-4ACF-A296-A8AD33ACC4A3}C:\users\stéphane\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\stéphane\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0B8D3433-E5DB-484D-B7D1-22387F0B600B}C:\users\stéphane\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\stéphane\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{B899C08B-40C8-4114-A860-2153E9B0E450}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{814291EC-0177-40A9-905A-F16F923E1A20}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E70EFBC1-A5FA-4CD2-BC12-A1EC0D4F1DDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9214EAE1-54E9-4AFE-8309-F5662A2CF831}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BF1BBEEC-DE17-49E7-AD62-D45226CE92F4}] => (Allow) C:\Program Files (x86)\Microsoft.NET\v2.0.507237\client.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2015 11:54:33 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Les jetons de clé de produit et licence Windows mis à jour ont échoué avec le code d’erreur 0x80070005.

Error: (11/30/2015 10:48:52 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')

Error: (11/30/2015 10:43:52 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Les jetons de clé de produit et licence Windows mis à jour ont échoué avec le code d’erreur 0x80070005.

Error: (11/30/2015 08:43:45 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Les jetons de clé de produit et licence Windows mis à jour ont échoué avec le code d’erreur 0x80070005.

Error: (11/30/2015 05:28:07 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')

Error: (11/30/2015 05:23:04 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Les jetons de clé de produit et licence Windows mis à jour ont échoué avec le code d’erreur 0x80070005.

Error: (11/30/2015 01:30:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme wwahost.exe version 6.3.9600.17031 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : aec

Heure de début : 01d12b9c74fe807e

Heure de fin : 4294967295

Chemin d’accès de l’application : C:\Windows\system32\wwahost.exe

ID de rapport : 6882a13c-9790-11e5-825c-003c7ff0f00a

Nom complet du package défaillant : DellInc.DellShop_1.9.1.0_neutral__htrsf667h5kn2

ID de l’application relative au package défaillant : App

Error: (11/30/2015 01:25:20 PM) (Source: Software Protection Platform Service) (EventID: 8211) (User: )
Description: Les jetons de clé de produit et licence Windows mis à jour ont échoué avec le code d’erreur 0x80070005.

Error: (11/30/2015 00:12:27 PM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')

Error: (11/30/2015 11:12:33 AM) (Source: Python Service) (EventID: 255) (User: )
Description: Exception : (1058, 'StartService', 'The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.')


System errors:
=============
Error: (11/30/2015 10:19:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/30/2015 08:36:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Credential Manager s’est arrêté avec l’erreur :
%%87

Error: (11/30/2015 08:26:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Credential Manager s’est arrêté avec l’erreur :
%%87

Error: (11/30/2015 08:16:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Credential Manager s’est arrêté avec l’erreur :
%%87

Error: (11/30/2015 08:10:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Credential Manager s’est arrêté avec l’erreur :
%%87

Error: (11/30/2015 08:06:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Credential Manager s’est arrêté avec l’erreur :
%%87

Error: (11/30/2015 07:56:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Credential Manager s’est arrêté avec l’erreur :
%%87

Error: (11/30/2015 07:46:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Credential Manager s’est arrêté avec l’erreur :
%%87

Error: (11/30/2015 07:46:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Credential Manager s’est arrêté avec l’erreur :
%%87

Error: (11/30/2015 06:37:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Le service Credential Manager s’est arrêté avec l’erreur :
%%87


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 33%
Total physical RAM: 8143.21 MB
Available physical RAM: 5423.41 MB
Total Virtual: 9423.21 MB
Available Virtual: 6057.48 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.27 GB) (Free:762.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EB859F3D)

Partition: GPT.

==================== End of Addition.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE: If you already have MBAM 2.0 installed, scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 