Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-07-2015
Ran by Thomas (administrator) on PC-DE-THOMAS (29-07-2015 11:52:11)
Running from C:\Users\Thomas\Downloads
Loaded Profiles: Thomas (Available Profiles: Thomas)
Platform: Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86) Language: Français (France)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Wondershare) C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\mrt.exe
(Microsoft Corporation) C:\Windows\System32\mrt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-01] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [DVDAgent] => C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-09-26] (CyberLink Corp.)
HKLM\...\Run: [TSMAgent] => C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1152296 2008-09-25] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-09-25] (CyberLink)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [912688 2008-10-03] (Hewlett-Packard)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-09-26] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-09-05] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-13] (CyberLink Corp.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-16] (Hewlett-Packard)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [446556 2008-09-11] (IDT, Inc.)
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2086240 2015-04-28] (Wondershare)
HKLM\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1960336 2015-06-16] ()
HKLM\...\RunOnce: [Lumeka] => C:\Windows\system32\wscript.exe /E:vbscript /B "C:\Users\Thomas\AppData\Local\57078A~1\Dufekoc.dat"
HKU\S-1-5-21-1470378137-2302585655-3298812495-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-1470378137-2302585655-3298812495-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1470378137-2302585655-3298812495-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49484;https=127.0.0.1:49484
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1470378137-2302585655-3298812495-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/
HKU\S-1-5-21-1470378137-2302585655-3298812495-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
SearchScopes: HKLM -> {0C8DEA29-AD4D-43B8-9CD1-09634E0DA797} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1156&query={searchTerms}&invocationType=tb50hpcnnbie7-fr-fr
SearchScopes: HKLM -> {1847F718-2B31-A507-9E39-137DC056E6B2} URL =
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM -> {5EF71AF1-E5B1-45D2-B6F5-F3B4649BFEE3 URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutDtDtBtAyE0EtBtBtDzyzztA0CtC0DzztN0D0Tzu0CyCyCtAtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=652642205&ir=
SearchScopes: HKLM -> {AF8EDDE7-457C-4F6D-A330-1F3C184805CB} URL = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM -> {FEDEBE07-8D09-4E8B-9AB5-4F1FCBF30221} URL = http://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
SearchScopes: HKU\S-1-5-21-1470378137-2302585655-3298812495-1000 -> {0E9B5935-6777-4A8B-95D9-FB80587A091F} URL = http://search.gophoto.it/?pl=1&q={searchTerms}&ch=v1noadmin_1402
SearchScopes: HKU\S-1-5-21-1470378137-2302585655-3298812495-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1470378137-2302585655-3298812495-1000 -> {AF8EDDE7-457C-4F6D-A330-1F3C184805CB} URL =
SearchScopes: HKU\S-1-5-21-1470378137-2302585655-3298812495-1000 -> {E921E94F-6CA8-4FE6-9DE3-35AFE9EDCC2E} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-1470378137-2302585655-3298812495-1000 -> {FFC12C2D-49B6-4080-9756-96E2154196D5} URL = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.254
Tcpip\..\Interfaces\{6FAD31D1-3735-4CFD-9C1D-45C9C3C68B6E}: [DhcpNameServer] 192.168.0.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\t44a3k30.default-1438108731419
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Extension: Bitdefender QuickScan - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\t44a3k30.default-1438108731419\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-07-29]
FF Extension: Blockulicious - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\t44a3k30.default-1438108731419\Extensions\{91A6D6AB-3E9A-4C00-A3CF-B08CBE803A2E}.xpi [2015-07-29]
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\t44a3k30.default-1438108731419\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-20]
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: Wondershare Video Converter Ultimate - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2015-06-21]
FF HKU\S-1-5-21-1470378137-2302585655-3298812495-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-12-29]
FF ExtraCheck: C:\Program Files\mozilla firefox\firefox.cfg [2015-07-05] <==== ATTENTION

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aacnlacfblhhkkogobaopnnekgmddapl [2013-10-29]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-20]
CHR Extension: (GoPhotoIt Chrome Extension) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\begbnpffhnpedhocnobliippgejhjpfp [2014-02-09]
CHR Extension: (Classic Scrollbar Buttons) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\depodjmgamlkfeokfapjnkbmjlkdhjhm [2015-07-27]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eebjbooifigodcdpeiipikaiakbgccok [2013-10-29]
CHR Extension: (UserAgent Switcher) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhkkpnppgnfaobgihpdblnhmmbodake [2015-06-30]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg [2014-07-07]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkkmegfkjefcepkhcinhpgcpggdbkko [2013-12-31]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc [2014-04-14]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\inpmfaifiaagieggpmpjljcllhlelgkn [2014-07-07]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfdpmffapbkockcplgojimhhfghmojjp [2014-07-05]
CHR Extension: (PubMed for Omnibox) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcipmkejkojihddfhdmgolhhnbjnhbpm [2015-07-28]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oabphaconndgibllomdcjbfdghcmenci [2015-02-28]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajmcmcpiboagipoflploplebgicaadj [2014-07-05]
CHR Extension: (Movenote for Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\odgidgkhpecdgiknllkdgcapbpiakbbl [2015-07-02]
CHR Extension: (No Name) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofkkggfgbjlpcemnpbbheonmkhmbidol [2014-02-28]
CHR HKLM\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1470378137-2302585655-3298812495-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [begbnpffhnpedhocnobliippgejhjpfp] - C:\Users\Thomas\AppData\Roaming\Cool Mirage Ltd\gophotoit\1.8.29.5\gophotoit.crx [2013-12-24]
CHR HKU\S-1-5-21-1470378137-2302585655-3298812495-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - http://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [129992 2008-02-03] (EasyBits Sofware AS) [File not signed]
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-06-16] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-09] (Hewlett-Packard Company) [File not signed]
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [1867600 2013-10-04] (CybelSoft)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-10-06] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-06-30] () [File not signed]
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
S2 bca22949; "C:\Windows\system32\rundll32.exe" "c:\Program Files\TrimInstance\TrimInstance.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 driverhardwarev2; C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [16640 2011-07-21] (CybelSoft)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [108208 2007-06-28] (Microsoft Corporation) [File not signed]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [59376 2008-09-26] (Cyberlink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS [X]
S1 SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 11:52 - 2015-07-29 11:53 - 00022288 _____ C:\Users\Thomas\Downloads\FRST.txt
2015-07-29 11:51 - 2015-07-29 11:52 - 00000000 ____D C:\FRST
2015-07-29 11:50 - 2015-07-29 11:50 - 01673728 _____ (Farbar) C:\Users\Thomas\Downloads\FRST.exe
2015-07-28 21:23 - 2015-07-28 21:23 - 00000314 _____ C:\Windows\PFRO.log
2015-07-28 20:23 - 2015-07-28 20:23 - 00000000 ____D C:\Users\Thomas\Downloads\catalogue-tupperware-printemps-ete-2014-audio
2015-07-28 19:59 - 2015-07-28 20:13 - 00000000 ____D C:\Users\Thomas\Documents\Documents factures
2015-07-28 19:58 - 2015-07-28 19:59 - 00000000 ____D C:\Users\Thomas\Documents\Couture et autres
2015-07-28 19:46 - 2015-07-28 20:22 - 00005120 _____ C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-07-28 19:44 - 2015-07-28 19:44 - 00000000 ____D C:\Windows\pss
2015-07-28 11:42 - 2014-10-15 14:30 - 01976320 _____ C:\Users\Thomas\Desktop\adwcleaner_4.000.exe
2015-07-28 11:16 - 2015-07-28 11:17 - 00000000 ____D C:\Program Files\Hapupy2Saive
2015-07-28 11:15 - 2015-07-28 11:15 - 00000000 ____D C:\Program Files\PubMed for Omnibox
2015-07-28 11:14 - 2015-07-28 11:15 - 00000000 ____D C:\Program Files\HAPpY2Suave
2015-07-28 11:13 - 2015-07-28 11:13 - 00000000 ____D C:\Program Files\Happy2Savee
2015-07-27 20:57 - 2015-07-27 20:57 - 00000000 ____D C:\Program Files\Classic Scrollbar Buttons
2015-07-27 20:56 - 2015-07-27 20:57 - 00000000 ____D C:\Program Files\DowNSAAve
2015-07-27 20:56 - 2015-07-27 20:56 - 00000000 ____D C:\Program Files\DuOWnSave
2015-07-27 12:51 - 2015-07-27 12:51 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Ashampoo
2015-07-27 12:50 - 2015-07-27 12:51 - 00000000 ____D C:\Users\Thomas\AppData\Local\ashampoo
2015-07-27 12:50 - 2015-07-27 12:50 - 00000000 ____D C:\ProgramData\ashampoo
2015-07-27 10:04 - 2015-07-14 18:02 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-27 10:04 - 2015-07-14 16:23 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-27 10:04 - 2015-06-25 04:57 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-27 10:03 - 2015-07-03 18:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-27 10:02 - 2015-06-17 18:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-27 10:02 - 2015-06-17 17:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-27 10:02 - 2015-06-12 18:01 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-27 09:58 - 2015-05-31 10:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-27 09:55 - 2015-06-27 18:03 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-27 09:55 - 2015-06-27 18:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-27 09:55 - 2015-06-27 18:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-27 09:55 - 2015-06-27 18:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-27 09:55 - 2015-06-27 16:21 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-27 09:55 - 2015-06-27 16:21 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-27 09:55 - 2015-06-12 15:13 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-27 09:55 - 2015-01-09 02:17 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-24 10:41 - 2015-07-24 11:03 - 00000000 ____D C:\Users\Thomas\Desktop\Photos vidéos téléphone
2015-07-15 11:28 - 2015-07-03 07:31 - 12386304 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 11:28 - 2015-07-03 07:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 11:28 - 2015-06-17 03:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 11:28 - 2015-06-17 03:10 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 11:28 - 2015-06-17 03:09 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 11:28 - 2015-06-17 03:09 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 11:28 - 2015-06-17 03:09 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 11:28 - 2015-06-17 03:09 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 11:28 - 2015-06-17 03:08 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 11:28 - 2015-06-17 03:08 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 11:28 - 2015-06-17 03:08 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 11:28 - 2015-06-17 03:08 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-07-15 11:28 - 2015-06-17 03:08 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 11:28 - 2015-06-17 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 11:28 - 2015-06-17 03:08 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 11:28 - 2015-06-17 03:08 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-07-15 11:28 - 2015-06-17 03:08 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-07-15 11:28 - 2015-06-17 03:08 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-07-15 11:27 - 2015-06-17 03:14 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 11:27 - 2015-06-17 03:12 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 11:27 - 2015-06-17 03:08 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 11:27 - 2015-06-17 03:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-08 09:36 - 2015-07-08 09:36 - 00000000 ___HD C:\Users\Thomas\AppData\Local\57078a1202f3c061
2015-07-05 00:35 - 2015-07-28 21:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-02 11:31 - 2015-07-29 11:31 - 00000332 _____ C:\Windows\Tasks\Chromium.job
2015-07-02 11:30 - 2015-07-02 11:30 - 00000000 ____D C:\Users\Thomas\AppData\Local\Chromium
2015-07-02 09:10 - 2015-07-02 09:11 - 00000000 ____D C:\Program Files\BBeastSavuEFeorrYoou
2015-07-02 09:09 - 2015-07-02 09:11 - 00000000 ____D C:\Program Files\BBestSaveeForYoou
2015-07-02 09:09 - 2015-07-02 09:09 - 00000000 ____D C:\Program Files\Movenote for Gmail
2015-06-30 09:53 - 2015-07-02 09:45 - 00000000 ____D C:\Program Files\FinDBestDeaal
2015-06-30 09:53 - 2015-06-30 09:53 - 00000000 ____D C:\Program Files\FindBestDeAl
2015-06-30 09:52 - 2015-06-30 09:52 - 00000000 ____D C:\Program Files\UserAgent Switcher
2015-06-29 16:10 - 2015-06-30 09:53 - 00000000 ____D C:\Program Files\DoWnSAve
2015-06-29 16:09 - 2015-06-30 09:53 - 00000000 ____D C:\Program Files\DownSSaave
2015-06-29 16:08 - 2015-06-29 16:08 - 00000000 ____D C:\Program Files\DownSaivve
2015-06-29 16:07 - 2015-06-29 16:07 - 00000000 ____D C:\Program Files\Color Icons for Gmail

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 11:50 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-29 11:50 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-29 11:38 - 2014-07-09 22:18 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-29 11:09 - 2013-10-18 20:50 - 01316371 _____ C:\Windows\WindowsUpdate.log
2015-07-29 10:33 - 2014-03-23 20:37 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\QuickScan
2015-07-29 09:42 - 2006-11-02 12:33 - 01614504 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-29 09:35 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-29 01:18 - 2013-10-21 01:50 - 00000012 _____ C:\Windows\bthservsdp.dat
2015-07-29 01:18 - 2006-11-02 15:01 - 00032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-28 21:21 - 2014-04-15 12:26 - 00000000 ____D C:\AdwCleaner
2015-07-28 21:12 - 2014-03-23 20:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-28 20:47 - 2013-10-24 18:03 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\vlc
2015-07-28 20:19 - 2014-08-28 00:28 - 00000000 ____D C:\Users\Thomas\Desktop\tupperware
2015-07-28 20:10 - 2014-07-06 00:56 - 00000000 ____D C:\Users\Thomas\Desktop\photos angelique
2015-07-28 20:05 - 2014-05-25 21:58 - 00000000 ____D C:\Users\Thomas\Documents\Travail
2015-07-28 20:00 - 2014-05-27 11:44 - 00000000 ____D C:\Users\Thomas\Documents\Photos téléphone
2015-07-28 19:55 - 2014-11-08 13:06 - 00000000 ____D C:\Users\Thomas\Documents\Impots
2015-07-28 11:17 - 2015-02-07 23:21 - 00000000 ____D C:\ProgramData\11315961264725735023
2015-07-28 11:08 - 2013-10-20 18:56 - 00000000 ____D C:\Windows\system32\MRT
2015-07-27 11:17 - 2006-11-02 14:47 - 00312840 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-27 10:01 - 2008-11-07 11:42 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-25 10:21 - 2014-08-27 12:45 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\HpUpdate
2015-07-24 17:10 - 2015-06-17 22:38 - 00000000 ____D C:\Program Files\Grieving Range
2015-07-24 17:10 - 2015-05-30 20:27 - 00000000 ____D C:\Program Files\Adventurous Park
2015-07-24 10:32 - 2014-01-03 12:04 - 00000052 _____ C:\Windows\system32\DOErrors.log
2015-07-22 18:08 - 2014-07-10 23:19 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-15 16:40 - 2014-07-09 22:18 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 16:40 - 2014-07-09 22:18 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-08 09:36 - 2014-03-23 20:14 - 00000125 _____ C:\Users\Thomas\AppData\Roaming\WB.CFG
2015-07-07 22:57 - 2014-07-25 01:02 - 00000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2015-07-05 19:36 - 2013-10-20 19:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-05 12:11 - 2013-10-19 09:51 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 08:49 - 2006-11-02 12:24 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-06-29 16:09 - 2015-06-12 10:14 - 00000000 ____D C:\Program Files\BitSSaveir

==================== Files in the root of some directories =======

2013-10-14 04:44 - 2013-10-14 04:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2014-09-01 10:18 - 2014-09-01 10:18 - 0001248 _____ () C:\Users\Thomas\AppData\Roaming\GRYMAVCF
2014-09-01 10:18 - 2014-09-01 10:18 - 0002086 _____ () C:\Users\Thomas\AppData\Roaming\LLO
2014-03-23 20:14 - 2015-07-08 09:36 - 0000125 _____ () C:\Users\Thomas\AppData\Roaming\WB.CFG
2013-10-19 10:20 - 2013-10-19 10:20 - 0000000 _____ () C:\Users\Thomas\AppData\Local\AtStart.txt
2013-12-11 19:33 - 2013-12-14 18:02 - 0006836 _____ () C:\Users\Thomas\AppData\Local\d3d9caps.dat
2015-07-28 19:46 - 2015-07-28 20:22 - 0005120 _____ () C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-19 10:20 - 2013-10-19 10:20 - 0000000 _____ () C:\Users\Thomas\AppData\Local\DSwitch.txt
2014-07-23 22:00 - 2014-07-24 23:46 - 0000000 _____ () C:\Users\Thomas\AppData\Local\FnF4.txt
2014-04-14 13:21 - 2014-04-14 13:21 - 1097384 _____ (AnyProtect.com) C:\Users\Thomas\AppData\Local\nsa1C49.tmp
2014-04-17 13:01 - 2014-04-17 13:01 - 1097384 _____ (AnyProtect.com) C:\Users\Thomas\AppData\Local\nsfCA70.tmp
2013-10-19 10:20 - 2013-10-19 10:20 - 0000000 _____ () C:\Users\Thomas\AppData\Local\QSwitch.txt
2014-03-23 20:38 - 2014-03-23 20:38 - 0044883 _____ () C:\ProgramData\1395599869.bdinstall.bin
2014-03-23 20:44 - 2014-03-23 20:44 - 0045301 _____ () C:\ProgramData\1395600233.bdinstall.bin
2013-10-18 21:22 - 2013-10-18 21:22 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2008-11-07 12:00 - 2008-11-07 12:01 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2013-10-18 21:21 - 2013-10-18 21:21 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2008-11-07 11:53 - 2008-11-07 11:55 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-10-18 21:20 - 2013-10-18 21:20 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2013-10-18 21:22 - 2013-10-18 21:22 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2008-11-07 11:51 - 2008-11-07 11:52 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2008-11-07 11:55 - 2008-11-07 12:00 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2013-10-18 21:23 - 2013-10-18 21:23 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Some files in TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe
C:\Users\Thomas\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-29 09:44

==================== End of log ============================